Jenkins 7PK - Security Features Vulnerability - CVE-2014-9635 - Vulnerability Database

Jenkins 7PK - Security Features Vulnerability - CVE-2014-9635

Medium

Reference: CVE-2014-9635

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9635

Title: Jenkins 7PK - Security Features Vulnerability

Overview:

Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.