CVE-2008-3102 Information

Feb 14, 2021 cve

Description

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Reference

http://int21.de/cve/CVE-2008-3102-mantis.html http://secunia.com/advisories/32243 http://secunia.com/advisories/32330 http://secunia.com/advisories/32975 http://securityreason.com/securityalert/4298 http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml http://www.securityfocus.com/archive/1/496625/100/0/threaded http://www.securityfocus.com/archive/1/496684/100/0/threaded http://www.securityfocus.com/bid/31344 https://exchange.xforce.ibmcloud.com/vulnerabilities/45395 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html

Share on: