Описание
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-4689
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46084
- http://secunia.com/advisories/32975
- http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml
- http://www.mantisbt.org/bugs/changelog_page.php
- http://www.mantisbt.org/bugs/file_download.php?file_id=1988&type=bug
- http://www.mantisbt.org/bugs/view.php?id=9664
- http://www.openwall.com/lists/oss-security/2008/10/20/1
Связанные уязвимости
ubuntu
больше 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
redhat
больше 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
nvd
больше 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
debian
больше 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, w ...