CVE-2013-7436

NONE EPSS 80.2%
Published Apr 10, 2015
Last Modified Jun 17, 2026

Description

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Threat Intelligence

EPSS Exploit Probability
80.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-310

Affected Products 1

Vendor    Product    Version    Range
kanaka    novnc      0.4        any

References 8

  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-0788.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-0833.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-0834.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-0884.html
  • openwall.com http://www.openwall.com/lists/oss-security/2015/02/17/1
  • openwall.com http://www.openwall.com/lists/oss-security/2015/03/12/13
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1193451
  • github.com https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.