Vulnerability Description
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Centreon | Centreon VM | <= 19.04.3 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/10/09/2 (Mailing List, Third Party Advisory)
- https://github.com/centreon/centreon/issues/7097 (Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2019/10/08/1 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2019-17104?
CVE-2019-17104 is a vulnerability with a CVSS score of 7.5 (HIGH). In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
How severe is CVE-2019-17104?
CVE-2019-17104 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-17104?
Check the references section above for vendor advisories and patch information. Affected products include: Centreon VM.