Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-3662
Last Modified 06 Feb 2009 01:57:57
Published 18 Sep 2008 02:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3662

Summary

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Vulnerable Systems

Application

  • Gallery 1.5.8

  • Gallery 2.2.0

  • Gallery 2.2.1

  • Gallery 2.2.2

  • Gallery 2.2.3

  • Gallery 2.2.4

  • Gallery 2.2.5


References

CONFIRM - http://gallery.menalto.com/gallery_2.2.6_released

CONFIRM - http://gallery.menalto.com/gallery_1.5.9_released

FEDORA - FEDORA-2008-11258

FEDORA - FEDORA-2008-11230

BID - 31231

BUGTRAQ - 20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662

GENTOO - GLSA-200811-02

SECUNIA - 33144

SECUNIA - 32662

MISC - http://int21.de/cve/CVE-2008-3662-gallery.html


Last Updated: 27 May 2016 10:48:15