Date: Thu, 26 Jun 2014 10:38:46 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: Re: Re: Question regarding CVE applicability of missing HttpOnly flag On Thu, Jun 26, 2014 at 05:30:46PM +1000, Murray McAllister wrote: > But websites set lots of cookies, which if stolen, have no relevance > to being able to access the user's session, or do much of anything > useful with anyway. I believe a lot of the "this cookie does not > have HTTPOnly" issues are non-issues. Those CVEs should be REJECTED. Can you provide list of non-issues with CVE? --- Henri Salo Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ