Sensitive Cookies Vulnerability in Networking Devices by Multiple Vendors
CVE-2004-0462

Currently unrated

Key Information:

Vendor: Multiple Vendors
Status: Networking Devices
Vendor: CVE Published:; 31 December 2004

🔔 Create Multiple Vendors Vulnerability Alert

What is CVE-2004-0462?

Various networking devices have a vulnerability that arises from the failure to set the Secure attribute for sensitive cookies during HTTPS sessions. As a result, these cookies may be transmitted in plaintext if the same server is accessed through an HTTP session. This flaw compromises the confidentiality of user sessions and may lead to unauthorized access if exploited by malicious actors. It is crucial for administrators to review their device settings to mitigate this risk and safeguard sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17702

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/546483

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2004
Vulnerability Reserved
May 12, 2004

JSON