4 matches found
FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities
Hi all; It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. As always, we highly...
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2009-3584
CVE-2009-3584 involves SQL-Ledger 2.8.24 where the session cookie’s secure flag is not set in HTTPS, enabling potential cookie interception in HTTP sessions. The available connected sources confirm the affected product (SQL-Ledger 2.8.24) and the vulnerability class (cookie security flag misconfi...