6.5 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%
Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
dev.piwik.org/trac/ticket/1795
osvdb.org/70382
piwik.org/blog/2011/01/piwik-1-1-2/
www.securityfocus.com/bid/45787
exchange.xforce.ibmcloud.com/vulnerabilities/64639