{"id":"UBUNTU-CVE-2013-7436","details":"noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.","modified":"2025-07-16T08:10:51.308514Z","published":"2015-04-10T14:59:00Z","withdrawn":"2025-07-18T16:42:57Z","upstream":["CVE-2013-7436"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-7436"},{"type":"REPORT","url":"https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2013-7436"}],"affected":[{"package":{"name":"novnc","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/novnc@1:0.4+dfsg+1+20131010+gitf68af8af3d-4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.4+dfsg+1+20131010+gitf68af8af3d-4"}]}],"ecosystem_specific":{"binaries":[{"binary_version":"1:0.4+dfsg+1+20131010+gitf68af8af3d-4","binary_name":"novnc"},{"binary_version":"1:0.4+dfsg+1+20131010+gitf68af8af3d-4","binary_name":"python-novnc"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-7436.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}