Description

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Remediation

References

CVE-2008-4122

Related Vulnerabilities

WordPress Plugin Rating-Widget:Star Review System Security Bypass (2.8.9)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8808)

WordPress Plugin Follow Me Cross-Site Request Forgery (3.1.1)

Internet Information Services Other Vulnerability (CVE-2001-0709)

WordPress Plugin WP JS Cross-Site Scripting (2.0.6)

Severity

Medium

Classification

CVE-2008-4122

Tags

Missing Update Known Vulnerabilities