CVE-2008-3662
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
18/09/2008
Last modified:
11/10/2018
Description
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:* | 2.2.5 (including) | |
| cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:* | 1.5.8 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://gallery.menalto.com/gallery_1.5.9_released
- http://gallery.menalto.com/gallery_2.2.6_released
- http://int21.de/cve/CVE-2008-3662-gallery.html
- http://seclists.org/fulldisclosure/2008/Sep/0379.html
- http://secunia.com/advisories/32662
- http://secunia.com/advisories/33144
- http://security.gentoo.org/glsa/glsa-200811-02.xml
- http://www.securityfocus.com/archive/1/496509/100/0/threaded
- http://www.securityfocus.com/bid/31231
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html