Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2008-3057
Last Modified 05 Feb 2009 01:44:08
Published 03 Dec 2008 12:30:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3057

Summary

Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Vulnerable Systems

Application

  • Octeth Oempro 3.5.5.1


References

XF - oempro-cookie-session-hijacking(47109)

OSVDB - 50321

MISC - http://osvdb.org/ref/50/oempro.txt

MISC - http://octeth.com/blog/category/oempro4/


Last Updated: 27 May 2016 10:48:04