Missing HTTPOnly Flag in Set-Cookie Header for GEARID Cookie in Red Hat OpenShift Enterprise 2

CVE-2016-5409 · MEDIUM Severity

CVSS v2 base vector: AV:N/AC:L/Au:N/C:P/I:N/A:N (base score 5.0; network-reachable, no authentication, partial confidentiality impact only)

Red Hat OpenShift Enterprise 2 does not include the HttpOnly flag in the Set-Cookie header for the GEARID cookie, the affinity cookie that the platform's HAProxy-based scaling layer inserts so that a client keeps being routed to the same gear. Without HttpOnly, any script running in the application's origin (for example one injected through a cross-site scripting flaw in the hosted application) can read the cookie through document.cookie, which makes it easier for remote attackers to obtain potentially sensitive information. HttpOnly only blocks script access; it does not protect the cookie on the wire, so the Secure flag is a separate concern when the application is served over HTTPS.
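The quickest way to confirm this class of finding is to inspect the raw Set-Cookie headers rather than trust the browser's cookie viewer. The following checker is an added example written for this page, not code from the advisory or from OpenShift: it parses the header block of an HTTP response, records each cookie's attributes, and reports cookies that lack HttpOnly (and, for TLS-served applications, Secure). The two sample responses are constructed, and the GEARID value in them is a placeholder, not a real gear identifier.

```python
"""Audit Set-Cookie headers for missing HttpOnly / Secure flags.

Added example; not part of the advisory or of OpenShift. The sample
responses below are constructed and the cookie values are placeholders.
"""
import re
from dataclasses import dataclass, field


@dataclass
class CookieAudit:
    name: str
    attributes: dict                      # lower-cased attribute -> value or True
    findings: list = field(default_factory=list)


def parse_set_cookie(header_value):
    """Split 'NAME=value; attr; attr=val' into (name, {attr: value_or_True})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[part.lower()] = True       # flag attribute such as HttpOnly or Secure
    return name, attrs


def set_cookie_headers(raw_response):
    """Return the values of every Set-Cookie header in a raw HTTP response.

    Only the header block (before the first blank line) is examined, and
    both CRLF and bare LF line endings are accepted.
    """
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    values = []
    for line in re.split(r"\r?\n", head)[1:]:   # skip the status line
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        if key.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def audit_response(raw_response, over_tls=True):
    """Return one CookieAudit per Set-Cookie header, with any weak-flag findings."""
    results = []
    for value in set_cookie_headers(raw_response):
        name, attrs = parse_set_cookie(value)
        audit = CookieAudit(name, attrs)
        if "httponly" not in attrs:
            audit.findings.append(
                "missing HttpOnly: readable from script via document.cookie (CWE-1004)")
        if over_tls and "secure" not in attrs:
            audit.findings.append(
                "missing Secure: browser will also send it over cleartext HTTP")
        results.append(audit)
    return results


# Constructed sample responses. The cookie value is a placeholder, not a real gear id.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: GEARID=gear-placeholder; path=/\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: GEARID=gear-placeholder; path=/; HttpOnly; Secure\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)


if __name__ == "__main__":
    for label, raw in (("vulnerable", VULNERABLE_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(f"== {label} ==")
        for audit in audit_response(raw):
            status = "; ".join(audit.findings) if audit.findings else "ok"
            print(f"{audit.name}: {status}")
```

To run it against a live target, capture the headers with `curl -sSi` and pass the output to `audit_response`; the parser deliberately ignores the body so a large HTML page does not affect the result. Note that the check only proves the flag is absent in the response; whether the cookie is actually sensitive on a given deployment is a separate judgement.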
