exploitDog

CVE-2008-3102

Опубликовано: 09 июл. 2008

Источник: redhat

EPSS Низкий

Описание

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=464134mantis session hijacking

EPSS

Процентиль: 79%

0.01248

Низкий

Связанные уязвимости

CVE-2008-3102

ubuntu

почти 17 лет назад

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVE-2008-3102

nvd

почти 17 лет назад

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVE-2008-3102

debian

почти 17 лет назад

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...

GHSA-gf43-jcc9-q7jf

github

больше 3 лет назад

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

EPSS

Процентиль: 79%

0.01248

Низкий