CVE-2016-5409

Published: Apr 20, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.

Affected (1)

Products: Redhat: Openshift

Redhat

1 product

Openshift

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift	Version 2.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/97988

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1366461

Source: secalert@redhat.com

Issue Tracking

http://www.securityfocus.com/bid/97988

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1366461

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.