PT-2008-5027 · Gallery · Gallery

Publicado

2008-09-18

Atualizado

2018-10-11

CVE-2008-3662

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Gallery versions prior to 1.5.9 Gallery versions 2.x prior to 2.2.6

Description The issue allows remote attackers to capture session cookies more easily because the secure flag is not set for the session cookie in an https session. This can cause the cookie to be sent in http requests.

Recommendations For Gallery versions prior to 1.5.9, update to version 1.5.9 or later to set the secure flag for the session cookie. For Gallery versions 2.x prior to 2.2.6, update to version 2.2.6 or later to set the secure flag for the session cookie.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2008-3662

Produtos afetados

Gallery

PT-2008-5027 · Gallery · Gallery

CVE-2008-3662

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12