Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-3661
Last Modified: 05 Feb 2009 01:46:05
Published: 23 Sep 2008 11:25:42
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3661

Summary

Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Vulnerable Systems

Application

  • Drupal


References

XF - drupal-cookie-session-hijacking(45298)

BID - 31285

BUGTRAQ - 20080920 drupal: Session hijacking vulnerability, CVE-2008-3661

MISC - http://int21.de/cve/CVE-2008-3661-drupal.html


Last Updated: 27 May 2016 10:48:15