Page 14 of 66 results (0.006 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. Drupal, probablemente v5.10 y v6.4, no establece el indicador seguro para la cookie de sesión en una sesión https, lo que puede provocar que sea enviada en una petición http y facilitar a los atacantes remotos el capturar la misma. • http://int21.de/cve/CVE-2008-3661-drupal.html http://www.securityfocus.com/archive/1/496575/100/0/threaded http://www.securityfocus.com/bid/31285 https://exchange.xforce.ibmcloud.com/vulnerabilities/45298 •