CVE-2008-3662

NONECVSS 0.0

0.0

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

🔗 References (22)

cve@mitrehttp://gallery.menalto.com/gallery_1.5.9_released
cve@mitrehttp://gallery.menalto.com/gallery_2.2.6_released
cve@mitrehttp://int21.de/cve/CVE-2008-3662-gallery.html
cve@mitrehttp://seclists.org/fulldisclosure/2008/Sep/0379.html
cve@mitrehttp://secunia.com/advisories/32662
cve@mitrehttp://secunia.com/advisories/33144
cve@mitrehttp://security.gentoo.org/glsa/glsa-200811-02.xml
cve@mitrehttp://www.securityfocus.com/archive/1/496509/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/31231
cve@mitrehttps://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
cve@mitrehttps://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html
af854a3a-2127-422b-91ae-364da2661108http://gallery.menalto.com/gallery_1.5.9_released
af854a3a-2127-422b-91ae-364da2661108http://gallery.menalto.com/gallery_2.2.6_released
af854a3a-2127-422b-91ae-364da2661108http://int21.de/cve/CVE-2008-3662-gallery.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2008/Sep/0379.html

Is Your Infrastructure Affected by CVE-2008-3662?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-3662

📅 Published

🔄 Last Modified

🔗 References (22)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-3662?