NVD

Id
2986  
Name
CVE-2008-3102  
Description
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-03  
Published
2008-09-24  
Modified Date
2010-12-28  
Seq
2008-3102  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
18783 2986 CVE-2008-3102 http://int21.de/cve/CVE-2008-3102-mantis.html  View
18784 2986 CVE-2008-3102 4298  View
18785 2986 CVE-2008-3102 GLSA-200812-07  View
18786 2986 CVE-2008-3102 20080922 menalto gallery: Session hijacking vulnerability, CVE-2008-3102  View
18787 2986 CVE-2008-3102 20080923 mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102)  View
18788 2986 CVE-2008-3102 31344  View
18789 2986 CVE-2008-3102 mantis-cookie-session-hijacking(45395)  View
18790 2986 CVE-2008-3102 FEDORA-2008-8925  View
18791 2986 CVE-2008-3102 FEDORA-2008-9015  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
49318 JVNDB-2008-004628 Mantis におけるセッションクッキーをキャプチャされる脆弱性 Mantis は、https セッション内のセッションクッキーに対して安全フラグを設定しないため、セッションクッキーをキャプチャされる脆弱性が存在します。 CVE-2008-3102 33215 CVE-2008-3102 2986 5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004628.html 2008-09-24 2012-09-25 View