FreeBSD Local Security Checks : FreeBSD Ports: mantis

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61915

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: mantis

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: mantis

CVE-2008-3102
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the
secure flag for the session cookie in an https session, which can
cause the cookie to be sent in http requests and make it easier for
remote attackers to capture this cookie.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3102
BugTraq ID: 31344
http://www.securityfocus.com/bid/31344
Bugtraq: 20080922 menalto gallery: Session hijacking vulnerability, CVE-2008-3102 (Google Search)
http://www.securityfocus.com/archive/1/496625/100/0/threaded
Bugtraq: 20080923 mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102) (Google Search)
http://www.securityfocus.com/archive/1/496684/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html
http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml
http://int21.de/cve/CVE-2008-3102-mantis.html
http://secunia.com/advisories/32243
http://secunia.com/advisories/32330
http://secunia.com/advisories/32975
http://securityreason.com/securityalert/4298
XForce ISS Database: mantis-cookie-session-hijacking(45395)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45395

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61915
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: mantis
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: mantis CVE-2008-3102 Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3102 BugTraq ID: 31344 http://www.securityfocus.com/bid/31344 Bugtraq: 20080922 menalto gallery: Session hijacking vulnerability, CVE-2008-3102 (Google Search) http://www.securityfocus.com/archive/1/496625/100/0/threaded Bugtraq: 20080923 mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102) (Google Search) http://www.securityfocus.com/archive/1/496684/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml http://int21.de/cve/CVE-2008-3102-mantis.html http://secunia.com/advisories/32243 http://secunia.com/advisories/32330 http://secunia.com/advisories/32975 http://securityreason.com/securityalert/4298 XForce ISS Database: mantis-cookie-session-hijacking(45395) https://exchange.xforce.ibmcloud.com/vulnerabilities/45395
Copyright	Copyright (C) 2008 E-Soft Inc.