Description
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2627 Vulnerability (CVE-2019-2627)
WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)
WordPress Plugin Permalink Manager Lite Unspecified Vulnerability (2.2.13.1)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.19)
WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)