This security bulletin contains information about 1 vulnerabilities.
Updated list of affected versions.
Changed bulletin status to patched, lowered severity rating of this issue.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to access sensitive information on the target system.
The vulnerability exists due to the cookie configuration within the Apache HTTP Server does not have protection against theft because the HTTPOnly flag is not set. A remote attacker can eavesdropping cookies on the network and obtain sensitive information.
The vendor will update documentation oh how to configure HTTPS on a virtual machine.
Centreon: 19.04.0 - 19.04.8, 18.10.0 - 18.10.10, 2.99.1 - 2.99.5, 2.8.0 - 2.8.216, 2.7.0 - 2.7.13, 2.6.0 - 2.6.6, 2.5.0 - 2.5.4, 2.4.0 - 2.4.4, 19.10.2 - 19.10.5
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?