Описание
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-4689
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46084
- http://secunia.com/advisories/32975
- http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml
- http://www.mantisbt.org/bugs/changelog_page.php
- http://www.mantisbt.org/bugs/file_download.php?file_id=1988&type=bug
- http://www.mantisbt.org/bugs/view.php?id=9664
- http://www.openwall.com/lists/oss-security/2008/10/20/1
Связанные уязвимости
ubuntu
почти 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
redhat
почти 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
nvd
почти 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
debian
почти 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, w ...