CVE-2012-4846

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes
Vendor: CVE Published:; 19 December 2012

Summary

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/79535

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=swg21620361

x_refsource_CONFIRM

http://www.ibm.com/support/docview.wss?uid=swg21619604

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 19, 2012
Vulnerability Reserved
Sep 6, 2012