CVE-2013-4964 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-4964 Interim 1 3 2021-06-09T09:20:21Z current 2021-05-30T13:15:00Z 2021-06-09T09:20:21Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-4964 Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. CVE-2013-4964 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N