exploitDog

CVE-2008-3661

Опубликовано: 12 авг. 2008

Источник: redhat

EPSS Низкий

Описание

Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2008-3661

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=464162drupal session hijacking

EPSS

Процентиль: 82%

0.01722

Низкий

Связанные уязвимости

CVE-2008-3661

nvd

больше 16 лет назад

Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVE-2008-3661

debian

больше 16 лет назад

Drupal, probably 5.10 and 6.4, does not set the secure flag for the se ...

GHSA-q4hh-4qxq-c529

github

около 3 лет назад

Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

EPSS

Процентиль: 82%

0.01722

Низкий