Lucene search
PRIOn knowledge basePRION:CVE-2009-3584HistoryDec 23, 2009 - 6:30 p.m.
Session fixation
2009-12-2318:30:00
PRIOn knowledge base
www.prio-n.com
2
6.8 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
72.3%
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sql-ledger | eq | 2.8.24 |
Related
ubuntucve
ubuntucve
CVE-2009-3584
2009-12-23 00:00:00
cve
cve
CVE-2009-3584
2009-12-23 18:30:00
debiancve
debiancve
CVE-2009-3584
2009-12-23 18:30:00
seebug
seebug
SQL-Ledger ERP多个输入验证和绕过安全限制漏洞
2009-12-25 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-12-22 00:00:00
FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities
2010-01-26 00:00:00
SQL-Ledger – several vulnerabilities
2009-12-22 00:00:00
packetstorm
packetstorm
SQL-Ledger XSS / XSRF / SQL Injection / LFI
2009-12-22 00:00:00
openvas
openvas
SQL-Ledger Multiple Vulnerabilities
2009-12-31 00:00:00
SQL-Ledger Multiple Vulnerabilities
2009-12-31 00:00:00
6.8 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
72.3%
Related for PRION:CVE-2009-3584