Vulnerabilities

CVE-2009-3566

by Fred · 13/11/2009

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

Date published : 2009-11-13

http://www.securityfocus.com/bid/37004

http://www.securityfocus.com/archive/1/507822/100/0/threaded

Similar

Tags: Cybersecurity Alert