Red Hat Bugzilla – Bug 713477
[RFE] RHN Satellite / Spacewalk: Enable HTTPOnly cookies support in Satellite / Spacewalk (CWE-79)
Last modified: 2012-03-08 04:06:43 EST
Implementing support for HTTPOnly cookies (access allowed only for server
and prohibited for client script) in Red Hat Network Satellite / Spacewalk
services could block exploitation of some XSS flaws.
*** Bug 710620 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
The issue has been addressed in Spacewalk master by
713477 - made session cookies httponly
Fixed package: spacewalk-config-1.6.2-1
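
A check that can be run over captured response headers to confirm that every cookie carries the HttpOnly attribute requested in this report. This is an added example, not Spacewalk code and not part of the original bug; the cookie names and the header block are constructed sample data.

```python
# Added example: list cookies whose Set-Cookie header lacks HttpOnly.
# Cookie names and the sample response below are constructed, not taken
# from a real Satellite / Spacewalk server.
from typing import Dict, List, Tuple


def parse_set_cookie(value: str) -> Tuple[str, str, Dict[str, str]]:
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def cookies_missing_httponly(raw_headers: str) -> List[str]:
    """Return the names of cookies set without the HttpOnly attribute."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        # Look only at attributes: a substring search over the whole line
        # would wrongly accept a cookie whose *value* contains "HttpOnly".
        if "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample response headers.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: example-session=abc123; Path=/; Secure; HttpOnly
set-cookie: example-legacy=def456; Path=/; Secure
Set-Cookie: example-tricky=note-HttpOnly-in-value; Path=/
Set-Cookie: example-lower=ghi789; path=/; httponly
"""

if __name__ == "__main__":
    for cookie_name in cookies_missing_httponly(SAMPLE_RESPONSE):
        print(f"missing HttpOnly: {cookie_name}")
```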