CVE-2004-0462 - The built-in web servers for multiple networking devices do not set the Secure attribute for sensiti

CVE-2004-0462

Summary

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.

References

http://www.kb.cert.org/vuls/id/546483
https://exchange.xforce.ibmcloud.com/vulnerabilities/17702

Vulnerable Configurations

CVSS

Base:	2.1 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

cert-vn	VU#546483
xf	network-device-secure-plaintext(17702)

Last major update

11-07-2017 - 01:30

Published

31-12-2004 - 05:00

Last modified

11-07-2017 - 01:30