In Centreon VM up to and including 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
Centreon
========
"Centreon is the N°1 Open Source IT Infrastructure Monitoring Solution"
Multiple vulnerabilites were discovered in Centreon-Web in december 2018 and fixed in early 2019 over the course of two
minor releases on both branches in versions 2827/2828 and 18104/18105
documentationcentreoncom/docs/centreon/en/late ...
Hello,
My advisory posted yesterday contains a problematic typo: CVE-2019-17017 should have been written CVE-2019-17107 Sorry
for the inconvenience it may have caused
Here is the corrected context:
Original advisory follows
Guillaume Quéré ...