Vulnerability Database

314,433

Total vulnerabilities in the database

CVE-2016-6344

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.

  • Published: Sep 7, 2016
  • Updated: Nov 9, 2025
  • CVE: CVE-2016-6344
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
redhat / jboss_bpm_suite 6.3 6.3.x