Описание
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | |
| devel | DNE | |
| feisty | ignored | end of life, was needs-triage |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| upstream | ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | ignored | |
| feisty | DNE | |
| gutsy | ignored | end of life, was needs-triage |
| hardy | ignored | |
| intrepid | ignored | |
| jaunty | ignored | |
| upstream | ignored |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Drupal, probably 5.10 and 6.4, does not set the secure flag for the se ...
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
EPSS
5 Medium
CVSS2