Medium severity5.3NVD Advisory· Published Sep 7, 2016· Updated May 6, 2026

CVE-2016-6344

Description

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/92714nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
rhn.redhat.com/errata/RHSA-2017-0248.htmlnvd
rhn.redhat.com/errata/RHSA-2017-0249.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000