CVE-2014-0174

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Published: Jul 11, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-0174
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
redhat / enterprise_mrg	2.5	2.5.x

http://rhn.redhat.com/errata/RHSA-2014-0858.html
http://rhn.redhat.com/errata/RHSA-2014-0859.html

Vulnerability Database

289,697

CVE-2014-0174