Description

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Remediation

References

CVE-2008-4122

Related Vulnerabilities

WordPress CVE-2016-5836 Vulnerability (CVE-2016-5836)

MySQL CVE-2015-0503 Vulnerability (CVE-2015-0503)

Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-28981)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3730)

PostgreSQL Other Vulnerability (CVE-2002-1402)

Severity

Medium

Classification

CVE-2008-4122

Tags

Missing Update Known Vulnerabilities