Session Cookie Vulnerability in SQL-Ledger Product from SQL-Ledger
CVE-2009-3584

Currently unrated

Key Information:

Vendor

Sql-ledger

CVE Published:
23 December 2009

What is CVE-2009-3584?

SQL-Ledger version 2.8.24 does not set the Secure flag on session cookies issued within HTTPS sessions. Without the flag, the browser will also send the session cookie over plain HTTP connections, where a remote attacker who can intercept the traffic can capture it. A captured session cookie can lead to unauthorized access to, and exploitation of, the user's session.
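
One way to check a deployment for the condition described above is to inspect the `Set-Cookie` headers returned over HTTPS. The following is an added example, not code from SQL-Ledger or from this advisory; the sample headers and cookie names are constructed for illustration.

```python
# Added example: flag cookies issued over HTTPS without the Secure attribute.
from typing import NamedTuple


class CookieFinding(NamedTuple):
    name: str
    secure: bool


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Parse one Set-Cookie header value into the cookie name and Secure flag."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    # Attribute names are case-insensitive; only the attribute *name* counts,
    # so "Path=/secure" must not be mistaken for the Secure flag.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return CookieFinding(name.strip(), "secure" in attrs)


def cookies_missing_secure(raw_headers: str, scheme: str) -> list[str]:
    """Return names of cookies set in an HTTPS response without Secure."""
    if scheme.lower() != "https":
        return []  # the issue concerns cookies issued inside an https session
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            finding = parse_set_cookie(value)
            if finding.name and not finding.secure:
                missing.append(finding.name)
    return missing


# Constructed sample response headers; cookie names are hypothetical.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SESSION-demo=abc123; path=/
Set-Cookie: prefs=compact; Path=/; SECURE
set-cookie: secure_looking=1; Path=/secure
"""

if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HEADERS, "https"):
        print(f"cookie {name!r} set over HTTPS without the Secure flag")
```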

Timeline

  • Vulnerability published

  • Vulnerability Reserved