CVE-2008-3662

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
gallerygallery
𝑥
≤ 2.2.5
gallerygallery
2.2.0
gallerygallery
2.2.1
gallerygallery
2.2.2
gallerygallery
2.2.3
gallerygallery
2.2.4
gallerygallery
𝑥
≤ 1.5.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gallery
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
ignored
gutsy
ignored
feisty
ignored
dapper
ignored
gallery2
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
http://gallery.menalto.com/gallery_1.5.9_released
http://gallery.menalto.com/gallery_2.2.6_released
http://int21.de/cve/CVE-2008-3662-gallery.html
http://seclists.org/fulldisclosure/2008/Sep/0379.html
http://secunia.com/advisories/32662
http://secunia.com/advisories/33144
http://security.gentoo.org/glsa/glsa-200811-02.xml
http://www.securityfocus.com/archive/1/496509/100/0/threaded
http://www.securityfocus.com/bid/31231
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html
http://gallery.menalto.com/gallery_1.5.9_released
http://gallery.menalto.com/gallery_2.2.6_released
http://int21.de/cve/CVE-2008-3662-gallery.html
http://seclists.org/fulldisclosure/2008/Sep/0379.html
http://secunia.com/advisories/32662
http://secunia.com/advisories/33144
http://security.gentoo.org/glsa/glsa-200811-02.xml
http://www.securityfocus.com/archive/1/496509/100/0/threaded
http://www.securityfocus.com/bid/31231
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html