Unrated severityNVD Advisory· Published Apr 10, 2015· Updated Jun 17, 2026
CVE-2013-7436
CVE-2013-7436
Description
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
8- rhn.redhat.com/errata/RHSA-2015-0788.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0833.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0834.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0884.htmlnvd
- www.openwall.com/lists/oss-security/2015/02/17/1nvd
- www.openwall.com/lists/oss-security/2015/03/12/13nvd
- bugzilla.redhat.com/show_bug.cginvd
- github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcdnvd
News mentions
0No linked articles in our index yet.