SecuritySpace - CVE-2016-2304

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2016-2304

Description: Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-2304
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03

CVE ID:	CVE-2016-2304
Description:	Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2304 https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03