CVE-2013-7436 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-7436 Interim 1 10 2023-02-15T02:03:41Z current 2021-05-30T13:17:05Z 2023-02-15T02:03:41Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-7436 noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2015-July/001510.html E-Mail link for SUSE-SU-2015:1300-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE OpenStack Cloud 5 novnc-0.4-0.13.1 novnc-0.4-0.13.1 as a component of SUSE OpenStack Cloud 5 noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. CVE-2013-7436 SUSE OpenStack Cloud 5:novnc-0.4-0.13.1 moderate 8.5 AV:N/AC:L/Au:N/C:C/I:P/A:N