Lucene search
MitreCVELIST:CVE-2008-3661HistorySep 23, 2008 - 3:00 p.m.
CVE-2008-3661
2008-09-2315:00:00
mitre
www.cve.org
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Related
openvas
openvas
Fedora Core 9 FEDORA-2009-4203 (drupal)
2009-05-05 00:00:00
Fedora Update for drupal FEDORA-2008-8852
2009-02-17 00:00:00
Fedora Core 9 FEDORA-2009-4203 (drupal)
2009-05-05 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: drupal-6.5-1.fc9
2008-10-16 02:09:24
[SECURITY] Fedora 8 Update: drupal-5.13-1.fc8
2008-12-13 14:55:09
[SECURITY] Fedora 9 Update: drupal-6.11-1.fc9
2009-05-02 16:40:42
securityvulns
securityvulns
drupal: Session hijacking vulnerability, CVE-2008-3661
2008-09-24 00:00:00
cve
cve
CVE-2008-3661
2008-09-23 15:25:42
nessus
nessus
Fedora 8 : drupal-5.11-1.fc8 (2008-8905)
2008-10-16 00:00:00
Fedora 9 : drupal-6.5-1.fc9 (2008-8852)
2008-10-16 00:00:00
prion
prion
Design/Logic Flaw
2008-09-23 15:25:00
nvd
nvd
CVE-2008-3661
2008-09-23 15:25:42
ubuntucve
ubuntucve
CVE-2008-3661
2008-09-23 00:00:00