CVE-2008-3662 Information

Description

Gallery before 1.5.9 and 2.x before 2.2.6 does not set the secure flag for the session cookie in an HTTPS session, which can cause the cookie to be sent in HTTP requests and makes it easier for remote attackers to capture this cookie.

Reference

http://gallery.menalto.com/gallery_1.5.9_released
http://gallery.menalto.com/gallery_2.2.6_released
http://int21.de/cve/CVE-2008-3662-gallery.html
http://seclists.org/fulldisclosure/2008/Sep/0379.html
http://secunia.com/advisories/32662
http://secunia.com/advisories/33144
http://security.gentoo.org/glsa/glsa-200811-02.xml
http://www.securityfocus.com/archive/1/496509/100/0/threaded
http://www.securityfocus.com/bid/31231
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html
