PT-2009-5867 · Sql Ledger+1 · Sql-Ledger+1

Publicado

2009-12-23

Atualizado

2018-10-10

CVE-2009-3584

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SQL-Ledger version 2.8.24

Description The issue allows remote attackers to capture the session cookie by intercepting its transmission within an http session, as the secure flag for the session cookie is not set in an https session.

Recommendations For SQL-Ledger version 2.8.24, consider setting the secure flag for the session cookie manually to prevent it from being transmitted over an insecure http session. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-16

Identificadores relacionados

CVE-2009-3584

Produtos afetados

Debian

Sql-Ledger

PT-2009-5867 · Sql Ledger+1 · Sql-Ledger+1

CVE-2009-3584

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14