What is the severity of CVE-2014-8775?

CVE-2014-8775 is classified as a medium severity vulnerability due to its potential for cookie theft through remote scripts.

How do I fix CVE-2014-8775?

To fix CVE-2014-8775, update your MODX Revolution installation to version 2.2.15 or later to ensure the HTTPOnly flag is set on session cookies.

What systems are affected by CVE-2014-8775?

CVE-2014-8775 affects all versions of MODX Revolution prior to version 2.2.15.

What type of vulnerability is CVE-2014-8775?

CVE-2014-8775 is an information disclosure vulnerability that allows attackers to access sensitive cookie data.

Are there any known exploits for CVE-2014-8775?

Yes, CVE-2014-8775 has been referenced in discussions regarding remote attacks using cross-site scripting techniques.

Vulnerability/
CVE-2014-8775

medium

CWE

200

3/12/2014

6/8/2024

CVE-2014-8775: Infoleak

First published: Wed Dec 03 2014(Updated: )

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
MODx Revolution	=2.0.0
MODx Revolution	=2.0.1
MODx Revolution	=2.0.3
MODx Revolution	=2.0.4
MODx Revolution	=2.0.5
MODx Revolution	=2.0.6
MODx Revolution	=2.0.7
MODx Revolution	=2.0.8
MODx Revolution	=2.1.0
MODx Revolution	=2.1.1
MODx Revolution	=2.1.2
MODx Revolution	=2.1.3
MODx Revolution	=2.1.4
MODx Revolution	=2.1.5
MODx Revolution	=2.2.0
MODx Revolution	=2.2.1
MODx Revolution	=2.2.2
MODx Revolution	=2.2.3
MODx Revolution	=2.2.4
MODx Revolution	=2.2.5
MODx Revolution	=2.2.6
MODx Revolution	=2.2.7
MODx Revolution	=2.2.8
MODx Revolution	=2.2.9
MODx Revolution	=2.2.10
MODx Revolution	=2.2.11
MODx Revolution	=2.2.12
MODx Revolution	=2.2.13
MODx Revolution	=2.2.14

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-8775?
CVE-2014-8775 is classified as a medium severity vulnerability due to its potential for cookie theft through remote scripts.
How do I fix CVE-2014-8775?
To fix CVE-2014-8775, update your MODX Revolution installation to version 2.2.15 or later to ensure the HTTPOnly flag is set on session cookies.
What systems are affected by CVE-2014-8775?
CVE-2014-8775 affects all versions of MODX Revolution prior to version 2.2.15.
What type of vulnerability is CVE-2014-8775?
CVE-2014-8775 is an information disclosure vulnerability that allows attackers to access sensitive cookie data.
Are there any known exploits for CVE-2014-8775?
Yes, CVE-2014-8775 has been referenced in discussions regarding remote attacks using cross-site scripting techniques.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/modx
canonical/modx revolution
version/modx revolution/2.0.0
version/modx revolution/2.0.1
version/modx revolution/2.0.3
version/modx revolution/2.0.4
version/modx revolution/2.0.5
version/modx revolution/2.0.6
version/modx revolution/2.0.7
version/modx revolution/2.0.8
version/modx revolution/2.1.0
version/modx revolution/2.1.1
version/modx revolution/2.1.2
version/modx revolution/2.1.3
version/modx revolution/2.1.4
version/modx revolution/2.1.5
version/modx revolution/2.2.0
version/modx revolution/2.2.1
version/modx revolution/2.2.2
version/modx revolution/2.2.3
version/modx revolution/2.2.4
version/modx revolution/2.2.5
version/modx revolution/2.2.6
version/modx revolution/2.2.7
version/modx revolution/2.2.8
version/modx revolution/2.2.9
version/modx revolution/2.2.10
version/modx revolution/2.2.11
version/modx revolution/2.2.12
version/modx revolution/2.2.13
version/modx revolution/2.2.14