CVE-2016-6344
published 2016-09-07CVE-2016-6344: Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to…
medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | jboss_bpm_suite | — | — |