noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Novnc | Kanaka | 0.4 (including) | 0.4 (including) |
OpenStack 4 for RHEL 6 | RedHat | novnc-0:0.5.1-2.el6ost | * |
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | RedHat | novnc-0:0.5.1-2.el6ost | * |
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | RedHat | novnc-0:0.5.1-2.el7ost | * |
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | RedHat | novnc-0:0.5.1-2.el7ost | * |
Novnc | Ubuntu | precise | * |
Novnc | Ubuntu | trusty | * |
Novnc | Ubuntu | upstream | * |
Novnc | Ubuntu | utopic | * |
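
The missing Secure attribute described above can be shown with a cookie serializer that adds it for https pages and a check that lists cookies lacking it. This is an added example, not noVNC's code; the function names `buildCookie` and `cookiesMissingSecure` and all sample values are hypothetical.

```javascript
// Added example; function names are hypothetical, not noVNC's API.

// Serialize a cookie, appending the Secure attribute whenever the page
// was loaded over https. In a browser, pass location.protocol and assign
// the result to document.cookie.
function buildCookie(name, value, days, protocol) {
    let cookie = encodeURIComponent(name) + "=" + encodeURIComponent(value);
    if (days) {
        cookie += "; Max-Age=" + Math.round(days * 24 * 60 * 60);
    }
    cookie += "; Path=/";
    if (protocol === "https:") {
        // Without this attribute the browser also sends the cookie over
        // plain http to the same host, where it can be read in transit.
        cookie += "; Secure";
    }
    return cookie;
}

// Return the names of cookies in a list of Set-Cookie style strings that
// lack the Secure attribute (attribute names are case-insensitive).
function cookiesMissingSecure(cookieStrings) {
    const missing = [];
    for (const raw of cookieStrings) {
        const parts = raw.split(";").map((p) => p.trim());
        const name = parts[0].split("=")[0];
        const hasSecure = parts.slice(1).some((attr) => attr.toLowerCase() === "secure");
        if (!hasSecure) missing.push(name);
    }
    return missing;
}

// Constructed sample values.
const SAMPLE = [
    buildCookie("token", "s3cret", 0, "https:"),
    buildCookie("host", "vnc.example.test", 1, "http:"),
    "view=full; path=/; SECURE",
    "session=xyz; Path=/; HttpOnly",
];

console.log(cookiesMissingSecure(SAMPLE));
```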