Описание
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.2 (включая)
Одно из
cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01112
Низкий
7.5 High
CVSS2
Дефекты
CWE-287
Связанные уязвимости
ubuntu
почти 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
redhat
почти 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
debian
почти 17 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, w ...
github
больше 3 лет назад
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
EPSS
Процентиль: 77%
0.01112
Низкий
7.5 High
CVSS2
Дефекты
CWE-287