7648 matches found

UbuntuCve
added 2009/12/23 6:30 p.m. | 18 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 5.9 | EPSS 0.00455
Exploits 2 | References 1

Prion
added 2009/12/23 6:30 p.m. | 20 views

Session fixation

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 6.8 | EPSS 0.00455
Exploits 2 | References 4 | Affected Software 1

OSV
added 2009/12/23 6:30 p.m. | 2 views

UBUNTU-CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 5.8 | EPSS 0.00455
Exploits 2 | References 2

NVD
added 2009/12/23 6:30 p.m. | 28 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 6.3 | EPSS 0.00455
Exploits 2 | References 4

Debian CVE
added 2009/12/23 6:0 p.m. | 16 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 3.3 | EPSS 0.00455
Exploits 2

CVE
added 2009/12/23 6:0 p.m. | 52 views

CVE-2009-3584

CVE-2009-3584 involves SQL-Ledger 2.8.24 where the session cookie’s secure flag is not set in HTTPS, enabling potential cookie interception in HTTP sessions. The available connected sources confirm the affected product (SQL-Ledger 2.8.24) and the vulnerability class (cookie security flag misconfi...

CVSS 5 | AI score 6.2 | EPSS 0.00455
Exploits 2 | References 4 | Affected Software 1

Cvelist
added 2009/12/23 6:0 p.m. | 40 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score 6.3 | EPSS 0.00455
Exploits 2 | References 4

RedHat Linux
added 2009/12/23 5:33 p.m. | 2 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

CVSS 9.8 | AI score 6.9 | EPSS 0.03741
Exploits 14 | References 4

seebug.org
added 2009/12/18 12:0 a.m. | 44 views

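Firefox insecure-protocol address bar spoofing vulnerability

BUGTRAQ ID: 37367 CVE ID: CVE-2009-3984 Firefox is a popular open-source web browser. A page loaded over an insecure protocol such as http: or file: sets its document.location to an https: URL that responds with a 204 status and an empty response body. The insecure page receives the SSL indicator next to the address bar, but the page is not modified in any way, which may lead users to believe they are visiting a secure page while they are visiting an insecure one. Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0 Vendor patch: Debian ------...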

CVSS 6.8 | AI score 0.1 | EPSS 0.0205
Exploits 1

RedHat Linux
added 2009/12/16 4:33 a.m. | 1 views

Mozilla SSL spoofing with document.location and empty SSL response page

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content aka 204 status code and an empty...

CVSS 6.8 | AI score 7.4 | EPSS 0.0205
Exploits 1 | References 4

UbuntuCve
added 2009/12/16 1:30 a.m. | 19 views

CVE-2009-4302

login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...

CVSS 5 | AI score 5.9 | EPSS 0.00889
Exploits 0 | References 1

Prion
added 2009/12/16 1:30 a.m. | 13 views

Design/Logic Flaw

login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...

CVSS 5 | AI score 6.6 | EPSS 0.00889
Exploits 0 | References 9 | Affected Software 1

NVD
added 2009/12/16 1:30 a.m. | 12 views

CVE-2009-4302

login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...

CVSS 5 | AI score 6.3 | EPSS 0.00889
Exploits 0 | References 9

Cvelist
added 2009/12/16 1:0 a.m. | 22 views

CVE-2009-4302

login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...

AI score 6.2 | EPSS 0.00889
Exploits 0 | References 9

CVE
added 2009/12/16 1:0 a.m. | 60 views

CVE-2009-4302

The CVE-2009-4302 issue affects Moodle: login/index_form.html in Moodle 1.8 (before 1.8.11) and 1.9 (before 1.9.7) links to an HTTP page even when served over HTTPS, which can cause credentials to be transmitted in cleartext. This is a remote vulnerability allowing credential sniffing. Supported ...

CVSS 5 | AI score 6.2 | EPSS 0.00889
Exploits 0 | References 9 | Affected Software 1

Mozilla
added 2009/12/15 12:0 a.m. | 38 views

Location bar spoofing vulnerabilities — Mozilla

Security researcher Jonathan Morgan reported that when a page loaded over an insecure protocol, such as http: or file:, sets its document.location to a https: URL which responds with a 204 status and empty response body, the insecure page will receive SSL indicators near the location bar, but wil...

CVSS 6.8 | AI score 0.1 | EPSS 0.0205
Exploits 7 | References 5 | Affected Software 2

Tenable Nessus
added 2009/12/11 12:0 a.m. | 11 views

MDVA-2009:249 : mdkonline

This update fixes several issues regarding the live upgrade to a more recent distribution, notably: - new distributions are now only presented after all updates were applied. - if current distribution is no more supported, we will warn about it and offer to upgrade to a newer release - makes the...

AI score 7.2
Exploits 0 | References 1

Tenable Nessus
added 2009/12/11 12:0 a.m. | 12 views

MDVA-2009:251 : mdkonline

This update fixes several issues regarding the live upgrade to a more recent distribution, notably: - new distributions are now only presented after all updates were applied. - if current distribution is no more supported, we will about it and offer to upgrade to a newer release It also fix a...

AI score 7.1
Exploits 0 | References 1

OpenVAS
added 2009/12/10 12:0 a.m. | 41 views

FreeBSD Security Advisory (FreeBSD-SA-09:15.ssl.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:15.ssl.asc SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS 9.8 | AI score 6.5 | EPSS 0.03741
Exploits 14 | References 1

OpenVAS
added 2009/12/10 12:0 a.m. | 54 views

FreeBSD Security Advisory (FreeBSD-SA-09:15.ssl.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:15.ssl.asc ADV FreeBSD-SA-09:15.ssl.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-09:15.ssl.asc Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVSS 5.8 | AI score 0.1 | EPSS 0.03741
Exploits 14