CVE-2008-3662

🗓️ 18 Sep 2008 18:00:00Reported by mitreType

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie

Reporter	Title	Published	Views	Family All 24
Cvelist	CVE-2008-3662	18 Sep 200818:00	–	cvelist
EUVD	EUVD-2008-3648	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 10 Update: gallery2-2.3-1.fc10	13 Dec 200815:01	–	fedora
Fedora	[SECURITY] Fedora 9 Update: gallery2-2.3-1.fc9	13 Dec 200815:08	–	fedora
Fedora	[SECURITY] Fedora 8 Update: gallery2-2.3-1.fc8	13 Dec 200815:03	–	fedora
Tenable Nessus	Fedora 10 : gallery2-2.3-1.fc10 (2008-11218)	23 Apr 200900:00	–	nessus
Tenable Nessus	Fedora 8 : gallery2-2.3-1.fc8 (2008-11230)	15 Dec 200800:00	–	nessus
Tenable Nessus	Fedora 9 : gallery2-2.3-1.fc9 (2008-11258)	15 Dec 200800:00	–	nessus
Tenable Nessus	GLSA-200811-02 : Gallery: Multiple vulnerabilities	11 Nov 200800:00	–	nessus
Gentoo Linux	Gallery: Multiple vulnerabilities	9 Nov 200800:00	–	gentoo

NVD

Node

gallery galleryRange≤2.2.5

gallery galleryMatch2.2.0

gallery galleryMatch2.2.1

gallery galleryMatch2.2.2

gallery galleryMatch2.2.3

gallery galleryMatch2.2.4

Node

gallery galleryRange≤1.5.8

Source	Link
secunia	www.secunia.com/advisories/32662
securityfocus	www.securityfocus.com/archive/1/496509/100/0/threaded
seclists	www.seclists.org/fulldisclosure/2008/Sep/0379.html
securityfocus	www.securityfocus.com/bid/31231
gallery	www.gallery.menalto.com/gallery_1.5.9_released
int21	www.int21.de/cve/CVE-2008-3662-gallery.html
gallery	www.gallery.menalto.com/gallery_2.2.6_released
redhat	www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
secunia	www.secunia.com/advisories/33144
redhat	www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html

23 Apr 2026 00:35Current

6.2Medium risk

Vulners AI Score6.2

CVSS 25

EPSS0.00874

CWE-310