Lucene search
HistorySep 23, 2008 - 3:25 p.m.
CVE-2008-3661
cve-2008-3661
drupal
session cookie
secure flag
vulnerability
nvd
6.2 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.6%
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal:drupal | drupal | eq | 5.10 |
| drupal:drupal | drupal | eq | 6.4 |
Related
openvas
openvas
Fedora Update for drupal FEDORA-2008-11213
2009-02-13 00:00:00
Fedora Core 9 FEDORA-2009-0678 (drupal)
2009-01-20 00:00:00
Fedora Core 9 FEDORA-2009-4997 (drupal)
2009-05-20 00:00:00
ubuntucve
ubuntucve
CVE-2008-3661
2008-09-23 00:00:00
nessus
nessus
Fedora 9 : drupal-6.5-1.fc9 (2008-8852)
2008-10-16 00:00:00
Fedora 8 : drupal-5.11-1.fc8 (2008-8905)
2008-10-16 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: drupal-6.11-1.fc9
2009-05-02 16:40:42
[SECURITY] Fedora 9 Update: drupal-6.6-1.fc9
2008-10-30 12:50:02
[SECURITY] Fedora 8 Update: drupal-5.11-1.fc8
2008-10-16 02:13:40
prion
prion
Design/Logic Flaw
2008-09-23 15:25:00
securityvulns
securityvulns
drupal: Session hijacking vulnerability, CVE-2008-3661
2008-09-24 00:00:00
6.2 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.6%
Related for CVE-2008-3661