CVE-2008-3662

medium

Description

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

References

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html

http://www.securityfocus.com/bid/31231

http://www.securityfocus.com/archive/1/496509/100/0/threaded

http://security.gentoo.org/glsa/glsa-200811-02.xml

http://secunia.com/advisories/33144

http://secunia.com/advisories/32662

http://seclists.org/fulldisclosure/2008/Sep/0379.html

http://int21.de/cve/CVE-2008-3662-gallery.html

http://gallery.menalto.com/gallery_2.2.6_released

http://gallery.menalto.com/gallery_1.5.9_released

Details

Source: Mitre, NVD

Published: 2008-09-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N