Loading
Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418.
Cite this page
CVE-2014-9250. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2014-9250
Use CWE-200, Zenoss vendor hub and Zenoss Core product page to widen CVE-2014-9250 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2014-6261, CVE-2014-6262 and CVE-2014-9249 for nearby disclosures in the same product family.