The Triton management interface (7.7.3 on Windows 2008 R2) runs a vulnerable Apache daemon, in which, for example, the HttpOnly cookie can be read by JavaScript by an error in the "400 BAD REQUEST" message.
Used in combination with XSS, the security provided by the HttpOnly cookie can be circumvented, possibly leading to misuse of the cookie.
<<picture available>>
RFE: please use a newer version of Apache for Triton (at least 2.2.22 or higher).
Internal reference: M05
Apache daemon vulnerable in Triton 7.7.3
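An inventory check for the version floor requested in the post above, added here as an example and not part of the original report or of any vendor tooling. The host names and `Server` header values are constructed sample data, and `classify_banner` and `audit` are hypothetical helper names; a banner only reflects what the server chooses to report.

```python
import re

# Minimum Apache version requested in the post above.
MIN_VERSION = (2, 2, 22)

# Match "Apache" or "Apache/x.y[.z]" but not other products such as "Apache-Coyote".
_BANNER = re.compile(r"\bApache(?![-\w])(?:/(\d+)\.(\d+)(?:\.(\d+))?)?", re.IGNORECASE)


def classify_banner(server_header):
    """Classify one Server header: 'upgrade', 'ok', 'unknown' or 'not-apache'."""
    if not server_header:
        return "unknown"
    m = _BANNER.search(server_header)
    if m is None:
        return "not-apache"
    if m.group(1) is None:
        return "unknown"  # e.g. ServerTokens Prod hides the version
    major, minor = int(m.group(1)), int(m.group(2))
    if m.group(3) is None and (major, minor) == MIN_VERSION[:2]:
        return "unknown"  # "Apache/2.2" alone cannot be compared to 2.2.22
    version = (major, minor, int(m.group(3) or 0))
    return "upgrade" if version < MIN_VERSION else "ok"


def audit(inventory):
    """Group host names by classification; inventory maps host -> Server header."""
    report = {"upgrade": [], "ok": [], "unknown": [], "not-apache": []}
    for host, banner in sorted(inventory.items()):
        report[classify_banner(banner)].append(host)
    return report


# Constructed sample inventory (not taken from the report).
SAMPLE_INVENTORY = {
    "mgmt-a.example.internal": "Apache/2.2.17 (Win32)",
    "mgmt-b.example.internal": "Apache/2.2.22 (Win32)",
    "mgmt-c.example.internal": "Apache",
    "app-d.example.internal": "Apache-Coyote/1.1",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need the installed package version checked directly, since the banner does not reveal it.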