Date: Thu, 26 Jun 2014 10:38:46 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Question regarding CVE applicability of
 missing HttpOnly flag

On Thu, Jun 26, 2014 at 05:30:46PM +1000, Murray McAllister wrote:
> But websites set lots of cookies, which if stolen, have no relevance
> to being able to access the user's session, or do much of anything
> useful with anyway. I believe a lot of the "this cookie does not
> have HTTPOnly" issues are non-issues.

Those CVEs should be REJECTED. Can you provide a list of non-issues with CVE?

---
Henri Salo
