CVE-2009-3584

Published: Dec 23, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected (1)

Products: Sql Ledger: Sql Ledger

Sql Ledger

1 product

Sql Ledger

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sql Ledger Sql Ledger	Version 2.8.24

Related CWEs

CWE-16

References (8)

http://secunia.com/advisories/37877

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/508559/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/37431

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/54968

Source: cve@mitre.org

http://secunia.com/advisories/37877

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/508559/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/37431

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/54968

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.