CVE-2016-6344 (jboss_bpm_suite)

Posted on 2016년 9월 8일2016년 9월 9일 by admin

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.

Source: CVE-2016-6344 (jboss_bpm_suite)

답글 남기기 응답 취소