5
CVE-2008-3102
- EPSS 1.88%
- Veröffentlicht 24.09.2008 11:42:25
- Zuletzt bearbeitet 16.06.2026 22:55:05
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.88% | 0.768 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://int21.de/cve/CVE-2008-3102-mantis.html
http://secunia.com/advisories/32243
http://secunia.com/advisories/32330
http://secunia.com/advisories/32975
http://securityreason.com/securityalert/4298
http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml
http://www.securityfocus.com/archive/1/496625/100/0/threaded
http://www.securityfocus.com/archive/1/496684/100/0/threaded
http://www.securityfocus.com/bid/31344
https://exchange.xforce.ibmcloud.com/vulnerabilities/45395
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html