cbcvebase.
CVE-2014-8525
published 2014-10-29

CVE-2014-8525: McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier…

PriorityP420medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.35%
68.1th percentile
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Affected

4 ranges
VendorProductVersion rangeFixed in
mcafeenetwork_data_loss_prevention<= 9.2.2
mcafeenetwork_data_loss_prevention
mcafeenetwork_data_loss_prevention
mcafeenetwork_data_loss_prevention
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.