CVE-2014-0634
EMC VPLEX GeoSynchrony 4.x-5.x - Information Disclosure via Missing HttpOnly Cookie Flag
Title source: llmDescription
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
References (1)
Core 1
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html
Scores
EPSS
0.0037
EPSS Percentile
58.7%
Details
CWE
CWE-20
Status
published
Products (5)
emc/vplex_geosynchrony
4.0
emc/vplex_geosynchrony
5.0
emc/vplex_geosynchrony
5.1
emc/vplex_geosynchrony
5.2
emc/vplex_geosynchrony
5.2.1
Published
Apr 01, 2014
Tracked Since
Feb 18, 2026