Lucene search
HistorySep 23, 2008 - 3:25 p.m.
CVE-2008-3661
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.0%
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Affected configurations
Node
drupaldrupalMatch5.10
ORdrupaldrupalMatch6.4
Related
openvas
openvas
Fedora Core 9 FEDORA-2009-4203 (drupal)
2009-05-05 00:00:00
Fedora Update for drupal FEDORA-2008-8852
2009-02-17 00:00:00
Fedora Core 9 FEDORA-2009-4203 (drupal)
2009-05-05 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: drupal-6.5-1.fc9
2008-10-16 02:09:24
[SECURITY] Fedora 8 Update: drupal-5.13-1.fc8
2008-12-13 14:55:09
[SECURITY] Fedora 9 Update: drupal-6.9-1.fc9
2009-01-16 23:47:50
securityvulns
securityvulns
drupal: Session hijacking vulnerability, CVE-2008-3661
2008-09-24 00:00:00
cve
cve
CVE-2008-3661
2008-09-23 15:25:42
nessus
nessus
Fedora 8 : drupal-5.11-1.fc8 (2008-8905)
2008-10-16 00:00:00
Fedora 9 : drupal-6.5-1.fc9 (2008-8852)
2008-10-16 00:00:00
prion
prion
Design/Logic Flaw
2008-09-23 15:25:00
cvelist
cvelist
CVE-2008-3661
2008-09-23 15:00:00
ubuntucve
ubuntucve
CVE-2008-3661
2008-09-23 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.0%
Related for NVD:CVE-2008-3661