CVE-2019-17104: Reliance on Cookies without Validation and Integrity Checking

May 24, 2022 (updated July 17, 2023)

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.

References

github.com/advisories/GHSA-j224-7qr4-8646
github.com/centreon/centreon-archived/issues/7097
nvd.nist.gov/vuln/detail/CVE-2019-17104
www.openwall.com/lists/oss-security/2019/10/08/1

Code Behaviors & Features

Detect and mitigate CVE-2019-17104 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →