Cookie Configuration Flaw in Centreon VM Affects User Security
CVE-2019-17104

7.5HIGH

Key Information:

Vendor

Centreon

Status
Centreon Vm
Vendor
CVE Published:
8 October 2019

What is CVE-2019-17104?

The Centreon VM product, prior to version 19.04.3, is susceptible to a cookie configuration vulnerability within the Apache HTTP Server. This flaw arises because the HTTPOnly flag is not set on cookies, leading to potential cookie theft. If exploited, this vulnerability can allow attackers to access user session data, jeopardizing user security and potentially leading to unauthorized access to sensitive information.

References

https://github.com/centreon/centreon/issues/7097
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2019/10/08/1
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2019/10/09/2
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.