CVE-2008-3662
Published: Sep 18, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Tag |
|---|---|---|
| GLSA-200811-02 | vendor-advisory | x_refsource_GENTOO |
| 33144 | third-party-advisory | x_refsource_SECUNIA |
| 32662 | third-party-advisory | x_refsource_SECUNIA |
| FEDORA-2008-11258 | vendor-advisory | x_refsource_FEDORA |
| 20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662 | mailing-list | x_refsource_BUGTRAQ |
| 31231 | vdb-entry | x_refsource_BID |
| http://int21.de/cve/CVE-2008-3662-gallery.html | | x_refsource_MISC |
| http://gallery.menalto.com/gallery_2.2.6_released | | x_refsource_CONFIRM |
| http://gallery.menalto.com/gallery_1.5.9_released | | x_refsource_CONFIRM |
| 20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662 | mailing-list | x_refsource_FULLDISC |
| FEDORA-2008-11230 | vendor-advisory | x_refsource_FEDORA |