CVE-2008-3661

Опубликовано: 23 сент. 2008

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Ссылки

http://int21.de/cve/CVE-2008-3661-drupal.html
Third Party Advisory
http://www.securityfocus.com/archive/1/496575/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/31285
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45298
Third Party Advisory
VDB Entry
http://int21.de/cve/CVE-2008-3661-drupal.html
Third Party Advisory
http://www.securityfocus.com/archive/1/496575/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/31285
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45298
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:drupal:5.10:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01722

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2008-3661

redhat

почти 17 лет назад

CVE-2008-3661

debian

больше 16 лет назад

Drupal, probably 5.10 and 6.4, does not set the secure flag for the se ...

GHSA-q4hh-4qxq-c529

github

около 3 лет назад

EPSS

Процентиль: 82%

0.01722

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other