Lucene search

MitreCVELIST:CVE-2008-3102

HistorySep 24, 2008 - 10:00 a.m.

CVE-2008-3102

2008-09-2410:00:00

mitre

www.cve.org

6.2 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

References

int21.de/cve/CVE-2008-3102-mantis.html

secunia.com/advisories/32243

secunia.com/advisories/32330

secunia.com/advisories/32975

securityreason.com/securityalert/4298

www.gentoo.org/security/en/glsa/glsa-200812-07.xml

www.securityfocus.com/archive/1/496625/100/0/threaded

www.securityfocus.com/archive/1/496684/100/0/threaded

www.securityfocus.com/bid/31344

exchange.xforce.ibmcloud.com/vulnerabilities/45395

www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html

www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html