Description

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Remediation

References

CVE-2008-4122

Related Vulnerabilities

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7865)

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-10208)

MyBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-45867)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2153)

MySQL CVE-2017-3458 Vulnerability (CVE-2017-3458)

Severity

Medium

Classification

CVE-2008-4122

Tags

Missing Update Known Vulnerabilities