Description

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Remediation

References

CVE-2008-4122

Related Vulnerabilities

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Arbitrary File Upload (2.8.1.1)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.9.4)

Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6531)

WordPress Plugin WP Simple Cart Arbitrary File Upload (1.0.15)

Oracle JRE CVE-2012-5068 Vulnerability (CVE-2012-5068)

Severity

Medium

Classification

CVE-2008-4122

Tags

Missing Update Known Vulnerabilities