Lucene search
HistoryDec 23, 2009 - 6:30 p.m.
CVE-2009-3584
cve-2009-3584
sql-ledger
session cookie
secure flag
https
interception
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Affected configurations
Node
sql-ledgersql-ledgerMatch2.8.24
| CPE | Name | Operator | Version |
|---|---|---|---|
| sql-ledger:sql-ledger | sql-ledger | eq | 2.8.24 |
Related
cvelist
cvelist
CVE-2009-3584
2009-12-23 18:00:00
nvd
nvd
CVE-2009-3584
2009-12-23 18:30:00
ubuntucve
ubuntucve
CVE-2009-3584
2009-12-23 00:00:00
prion
prion
Session fixation
2009-12-23 18:30:00
debiancve
debiancve
CVE-2009-3584
2009-12-23 18:30:00
seebug
seebug
SQL-Ledger ERP多个输入验证和绕过安全限制漏洞
2009-12-25 00:00:00
packetstorm
packetstorm
SQL-Ledger XSS / XSRF / SQL Injection / LFI
2009-12-22 00:00:00
securityvulns
securityvulns
FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities
2010-01-26 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-12-22 00:00:00
SQL-Ledger – several vulnerabilities
2009-12-22 00:00:00
openvas
openvas
SQL-Ledger Multiple Vulnerabilities
2009-12-31 00:00:00
SQL-Ledger Multiple Vulnerabilities
2009-12-31 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
Related for CVE-2009-3584