Lucene search
FreeBSD00D6040A-B8E0-11DD-A578-0030843D3802HistoryOct 14, 2008 - 12:00 a.m.
mantis -- session hijacking vulnerability
2008-10-1400:00:00
vuxml.freebsd.org
7
0.005 Low
EPSS
Percentile
75.4%
The mantis Team reports:
When configuring a web application to use only ssl (e. g. by
forwarding all http-requests to https), a user would expect that
sniffing and hijacking the session is impossible.
Though, for this to be secure, one needs to set the session cookie to
have the secure flag. Else the cookie will be transferred through http
if the victim’s browser does a single http-request on the same domain.
Related
securityvulns
securityvulns
cve
cve
CVE-2008-3102
2008-09-24 11:42:00
openvas
openvas
FreeBSD Ports: mantis
2008-11-24 00:00:00
Fedora Update for mantis FEDORA-2008-8925
2009-02-17 00:00:00
Fedora Update for mantis FEDORA-2008-9015
2009-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: mantis-1.1.4-1.fc8
2008-10-20 22:17:57
[SECURITY] Fedora 9 Update: mantis-1.1.4-1.fc9
2008-10-20 20:28:13
cvelist
cvelist
CVE-2008-3102
2008-09-24 10:00:00
nessus
nessus
Fedora 8 : mantis-1.1.4-1.fc8 (2008-9015)
2008-10-21 00:00:00
FreeBSD : mantis -- session hijacking vulnerability (00d6040a-b8e0-11dd-a578-0030843d3802)
2008-11-24 00:00:00
Fedora 9 : mantis-1.1.4-1.fc9 (2008-8925)
2008-10-21 00:00:00
prion
prion
Design/Logic Flaw
2008-09-24 11:42:00
ubuntucve
ubuntucve
CVE-2008-3102
2008-09-24 00:00:00
gentoo
gentoo
Mantis: Multiple vulnerabilities
2008-12-02 00:00:00