Lucene search

[email protected]CVE-2008-2558

HistoryJun 05, 2008 - 9:32 p.m.

CVE-2008-2558

2008-06-0521:32:00

CWE-310

[email protected]

web.nvd.nist.gov

cve-2008-2558

cre loaded

cookie security

https

nvd

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.8%

JSON

CRE Loaded 6.2.13.1 and earlier does not set the “Secure” attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP.

CPENameOperatorVersion
cre_loaded:cre_loadedcre loadedle6.2.13.1

CPE	Name	Operator	Version
cre_loaded:cre_loaded	cre loaded	le	6.2.13.1

References

oscommerceuniversity.com/lounge/index.php?topic=255.0

exchange.xforce.ibmcloud.com/vulnerabilities/42889

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for CVE-2008-2558

cvelist1 prion1