Medium severity 5.3 · NVD Advisory · Published Sep 12, 2017 · Updated Jun 17, 2026
CVE-2014-9634
Description
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.main:jenkins-core (Maven) | < 1.586 | 1.586 |
References
- github.com/jenkinsci/jenkins/commit/582128b9ac179a788d43c1478be8a5224dc19710 · nvd · Patch · Third Party Advisory · WEB
- www.openwall.com/lists/oss-security/2015/01/22/3 · nvd · Mailing List · Third Party Advisory · WEB
- www.securityfocus.com/bid/72054 · nvd · Third Party Advisory · VDB Entry · WEB
- bugs.debian.org/cgi-bin/bugreport.cgi · nvd · Third Party Advisory · WEB
- bugzilla.redhat.com/show_bug.cgi · nvd · Issue Tracking · Third Party Advisory · VDB Entry · WEB
- github.com/advisories/GHSA-g7cf-wg27-qw87 · ghsa · ADVISORY
- issues.jenkins-ci.org/browse/JENKINS-25019 · nvd · Issue Tracking · Vendor Advisory · WEB
- jenkins.io/changelog-old/ · nvd · Release Notes · Vendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2014-9634 · ghsa · ADVISORY
- jenkins.io/changelog-old · ghsa · WEB