Lucene search

[email protected]NVD:CVE-2008-3102

HistorySep 24, 2008 - 11:42 a.m.

CVE-2008-3102

2008-09-2411:42:25

CWE-310

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Affected configurations

NVD

Node

mantisbtmantisbtMatch1.1.0

mantisbtmantisbtMatch1.1.1

mantisbtmantisbtMatch1.1.2

mantisbtmantisbtMatch1.2.0a1

mantisbtmantisbtMatch1.2.0a2

References

int21.de/cve/CVE-2008-3102-mantis.html

secunia.com/advisories/32243

secunia.com/advisories/32330

secunia.com/advisories/32975

securityreason.com/securityalert/4298

www.gentoo.org/security/en/glsa/glsa-200812-07.xml

www.securityfocus.com/archive/1/496625/100/0/threaded

www.securityfocus.com/archive/1/496684/100/0/threaded

www.securityfocus.com/bid/31344

exchange.xforce.ibmcloud.com/vulnerabilities/45395

www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html

www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for NVD:CVE-2008-3102

nessus4 prion1 cve1 securityvulns2 freebsd1 openvas8 fedora2 cvelist1 ubuntucve1 gentoo1