5
CVE-2008-3661
- EPSS 2.5%
- Veröffentlicht 23.09.2008 15:25:42
- Zuletzt bearbeitet 16.06.2026 22:56:15
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.5% | 0.826 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://int21.de/cve/CVE-2008-3661-drupal.html
http://www.securityfocus.com/archive/1/496575/100/0/threaded
http://www.securityfocus.com/bid/31285
https://exchange.xforce.ibmcloud.com/vulnerabilities/45298