CVE-2008-3102

EPSS 1.25%
Veröffentlicht 24.09.2008 11:42:25
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mantisbt ≫ Mantisbt Version1.1.0

Mantisbt ≫ Mantisbt Version1.1.1

Mantisbt ≫ Mantisbt Version1.1.2

Mantisbt ≫ Mantisbt Version1.2.0a1

Mantisbt ≫ Mantisbt Version1.2.0a2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.25%	0.774

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://int21.de/cve/CVE-2008-3102-mantis.html

http://secunia.com/advisories/32243

Vendor Advisory

http://secunia.com/advisories/32330

Vendor Advisory

http://secunia.com/advisories/32975

Vendor Advisory

http://securityreason.com/securityalert/4298

http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml

http://www.securityfocus.com/archive/1/496625/100/0/threaded

http://www.securityfocus.com/archive/1/496684/100/0/threaded

http://www.securityfocus.com/bid/31344

https://exchange.xforce.ibmcloud.com/vulnerabilities/45395

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html

https://nvd.nist.gov/vuln/detail/CVE-2008-3102

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3102

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3102

EUVD