CVE-2013-7436

EPSS 0.61%

Published: 4/10/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2013-7436

Description

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected packages (1)

Debian/novncfrom 0, < 1:0.4+dfsg+1+20131010+gitf68af8af3d-4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-7436