Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2558

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-2558
Last Modified 10 Sep 2008 09:10:50
Published 05 Jun 2008 05:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2558

Summary

CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP.

Vulnerable Systems

Application

  • Cre Loaded 6.2.13.1


References

XF - creloaded-secure-mitm(42889)

MISC - http://oscommerceuniversity.com/lounge/index.php?topic=255.0


Last Updated: 27 May 2016 10:47:54