exploitDog

CVE-2008-3662

Опубликовано: 18 сент. 2008

Источник: redhat

EPSS Низкий

Описание

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=462870gallery2 session hijacking vulnerability

EPSS

Процентиль: 75%

0.00874

Низкий

Связанные уязвимости

CVE-2008-3662

ubuntu

больше 17 лет назад

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVE-2008-3662

nvd

больше 17 лет назад

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVE-2008-3662

debian

больше 17 лет назад

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure fl ...

GHSA-38vp-pppf-865m

github

почти 4 года назад

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

EPSS

Процентиль: 75%

0.00874

Низкий