Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Cookie Flags
Vulnerability Description
A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
HTTPS会话中未设置’Secure’属性的敏感Cookie
Vulnerability Title
OTRS 安全漏洞
Vulnerability Description
OTRS是德国OTRS公司的一个服务管理解决方案。 OTRS存在安全漏洞,该漏洞源于缺少HTTPS会话中敏感cookie设置的属性,OTRS应用程序服务器和反向代理设置中的漏洞允许会话劫持。
CVSS Information
N/A
Vulnerability Type
N/A