CVE-2008-3057 - OpenCVE

Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Octeth	Oempro

Configuration 1 [-]

cpe:2.3:a:octeth:oempro:3.5.5.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://octeth.com/blog/category/oempro4/
http://osvdb.org/ref/50/oempro.txt
http://www.osvdb.org/50321
https://exchange.xforce.ibmcloud.com/vulnerabilities/47109

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-03T17:00:00

Updated: 2024-08-07T09:21:34.958Z

Reserved: 2008-07-07T00:00:00

Link: CVE-2008-3057

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-12-03T17:30:00.337

Modified: 2017-08-08T01:31:32.607

Link: CVE-2008-3057

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object