Vulnerability Description
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Vplex Geosynchrony | 4.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html
- http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html
FAQ
What is CVE-2014-0634?
CVE-2014-0634 is a vulnerability with a CVSS score of 6.0 (MEDIUM). EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sens...
How severe is CVE-2014-0634?
CVE-2014-0634 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0634?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Vplex Geosynchrony.