Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-3662

Опубликовано: 18 сент. 2008
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*
Версия до 2.2.5 (включая)
cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*
Версия до 1.5.8 (включая)

EPSS

Процентиль: 75%
0.00874
Низкий

5 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

ubuntu логотип

CVE-2008-3662

ubuntu
около 17 лет назад

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

redhat логотип

CVE-2008-3662

redhat
около 17 лет назад

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

debian логотип

CVE-2008-3662

debian
около 17 лет назад

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure fl ...

github логотип

GHSA-38vp-pppf-865m

github
больше 3 лет назад

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

EPSS

Процентиль: 75%
0.00874
Низкий

5 Medium

CVSS2

Дефекты

CWE-310