Home > Vulnerability Database > CVE-2014-9634

Mend.io Vulnerability Database

CVE-2014-9634

Good to know:

Date: September 12, 2017

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.

Language: Java

Severity Score

5.3

Related Resources (10)

Url: https://github.com/jenkinsci/jenkins/commit/582128b9ac179a788d43c1478be8a5224dc19710

Url: https://jenkins.io/changelog-old/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1185148

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-9634

Url: https://jenkins.io/changelog-old

Url: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769682

Url: http://www.openwall.com/lists/oss-security/2015/01/22/3

Url: http://www.securityfocus.com/bid/72054

Url: https://issues.jenkins-ci.org/browse/JENKINS-25019

Url: https://www.mend.io/vulnerability-database/CVE-2014-9634

Severity Score

5.3

Weakness Type (CWE)

Security Features

CWE-254

Top Fix

Upgrade Version

Upgrade to version jenkins-1.586

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-9634

Good to know:

Date: September 12, 2017

Language: Java

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?