Description
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
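To verify whether a given instance is affected, the following added example (not part of the original advisory or of Jenkins itself) inspects Set-Cookie header values and reports session cookies issued without the HttpOnly attribute. The cookie name prefix JSESSIONID (the servlet container default) and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for a missing HttpOnly attribute.
# Assumption: the session cookie name starts with "JSESSIONID" (the servlet
# container default); adjust SESSION_PREFIXES for your deployment.

SESSION_PREFIXES = ("JSESSIONID",)


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (RFC 6265).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_httponly(set_cookie_values, prefixes=SESSION_PREFIXES):
    """Return names of session cookies set without the HttpOnly attribute."""
    wanted = tuple(p.upper() for p in prefixes)
    findings = []
    for raw in set_cookie_values:
        name, _value, attrs = parse_set_cookie(raw)
        if not name.upper().startswith(wanted):
            continue  # not a session cookie, out of scope for this check
        if "httponly" not in attrs:
            findings.append(name)
    return findings


# Constructed sample headers (not captured from a real server).
SAMPLE_VULNERABLE = [
    "JSESSIONID=0123456789ABCDEF; Path=/",
    "theme=dark; Path=/",
]
SAMPLE_FIXED = [
    "JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly",
    "JSESSIONID.ab12=0123; Path=/; Secure; httponly",
]

if __name__ == "__main__":
    print("flagged:", missing_httponly(SAMPLE_VULNERABLE))
    print("flagged:", missing_httponly(SAMPLE_FIXED))
```

The attribute is matched only among the parts after the first semicolon, so a cookie whose value happens to contain the text "HttpOnly" is still flagged.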
Remediation
References