CVE

CVE-2016-6344 (jboss_bpm_suite)

admin

CVE-2016-6344 (jboss_bpm_suite)

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.

Source: CVE-2016-6344 (jboss_bpm_suite)

Exit mobile version