CVE-2008-4122

High

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to…

mitre·CWE-319·Published 2008-12-19

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

209 chars

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

NVDen

209 chars

NVDes

206 chars

Joomla! 1.5.8 no habilita el flag 'secure' para la cookie de la sesión en una sesión https, lo faciita a los atacantes remotos el capturar esta cookie interceptando su transmisión dentro de una sesión http.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N