Test ID:	1.3.6.1.4.1.25623.1.0.61915
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: mantis
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: mantis CVE-2008-3102 Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3102 BugTraq ID: 31344 http://www.securityfocus.com/bid/31344 Bugtraq: 20080922 menalto gallery: Session hijacking vulnerability, CVE-2008-3102 (Google Search) http://www.securityfocus.com/archive/1/496625/100/0/threaded Bugtraq: 20080923 mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102) (Google Search) http://www.securityfocus.com/archive/1/496684/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml http://int21.de/cve/CVE-2008-3102-mantis.html http://secunia.com/advisories/32243 http://secunia.com/advisories/32330 http://secunia.com/advisories/32975 http://securityreason.com/securityalert/4298 XForce ISS Database: mantis-cookie-session-hijacking(45395) https://exchange.xforce.ibmcloud.com/vulnerabilities/45395
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.