Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2008-3102
Last Modified 28 Dec 2010 12:00:00
Published 24 Sep 2008 07:42:25
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3102

Summary

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Vulnerable Systems

Application

  • Mantisbt 1.1.0

  • Mantisbt 1.1.1

  • Mantisbt 1.1.2

  • Mantisbt 1.2.0a1

  • Mantisbt 1.2.0a2


References

FEDORA - FEDORA-2008-9015

FEDORA - FEDORA-2008-8925

XF - mantis-cookie-session-hijacking(45395)

BID - 31344

BUGTRAQ - 20080923 mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102)

BUGTRAQ - 20080922 menalto gallery: Session hijacking vulnerability, CVE-2008-3102

GENTOO - GLSA-200812-07

SREASON - 4298

SECUNIA - 32975

SECUNIA - 32330

SECUNIA - 32243

MISC - http://int21.de/cve/CVE-2008-3102-mantis.html


Last Updated: 27 May 2016 10:48:04