#VU22317 Reliance on Cookies without Validation and Integrity Checking in Centreon - CVE-2019-17104

 


Published: October 29, 2019 / Updated: July 6, 2020


Vulnerability identifier: #VU22317
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-17104
CWE-ID: CWE-565
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Centreon
Software vendor:
Centreon

Description

The vulnerability allows a remote attacker to access sensitive information on the target system.

The vulnerability exists because the cookie configuration within the Apache HTTP Server does not protect cookies against theft: the HttpOnly flag is not set. A remote attacker can eavesdrop on cookies on the network and obtain sensitive information.
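
As an added example (not part of the original advisory and not Centreon's code), the Python below audits `Set-Cookie` header values for the missing HttpOnly flag described above and for the Secure flag, which keeps a cookie off plain HTTP once HTTPS is configured. The cookie name `session_id` and the header values are constructed samples.

```python
# Added example: audit Set-Cookie header values for missing protective flags.
# All header values below are constructed samples, not captured Centreon output.

REQUIRED_FLAGS = ("HttpOnly", "Secure")

# Constructed sample Set-Cookie values (cookie name is hypothetical).
SAMPLE_HEADERS = [
    "session_id=constructed0123; path=/",
    "session_id=constructed0123; path=/; HTTPONLY",
    "session_id=constructed0123; Path=/; Secure; HttpOnly; SameSite=Lax",
]


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict).

    Attribute names are case-insensitive, so they are lower-cased here.
    """
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing semicolon
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_set_cookie(value):
    """Return (cookie name, list of required flags that are absent)."""
    name, attrs = parse_set_cookie(value)
    missing = [flag for flag in REQUIRED_FLAGS if flag.lower() not in attrs]
    return name, missing


def audit_response(header_values):
    """Audit every Set-Cookie value of one response; keep only cookies with gaps."""
    results = [audit_set_cookie(v) for v in header_values]
    return [(name, missing) for name, missing in results if missing]


if __name__ == "__main__":
    for cookie, missing in audit_response(SAMPLE_HEADERS):
        print(f"{cookie}: missing {', '.join(missing)}")
```
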


Remediation

The vendor will update documentation on how to configure HTTPS on a virtual machine.

External links