Cookie without HTTPOnly Flag Set

  • 7009058
  • 26-Jul-2011
  • 10-Dec-2013

Environment

Novell Data Synchronizer Mobility Pack 1.0
Novell Data Synchronizer Mobility Pack 1.1

Situation

Novell Data Synchronizer Mobility Pack 1.1.2, and earlier, has a vulnerability that, in certain circumstances could allow client-side attacks, such as cross-site scripting

Resolution

Status

Security Alert

Additional Information

Notes:
Affected versions:
Novell Data Synchronizer 1.0.x (all builds)
Novell Data Synchronizer 1.1.2 build 428 and earlier.
 
CVE-2011-2224