CVE-2008-4122Cleartext Transmission of Sensitive Info in Joomla !

CWE-319Cleartext Transmission of Sensitive InfoCWE-311Missing Encryption of Sensitive Data4 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 95.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Joomla !
Timeline
PublishedDec 19
Latest updateMay 2

Description

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDjoomla/joomla_!1.5.8

🔴Vulnerability Details

1
GHSA
GHSA-5m95-8m7x-3gcp: Joomla! 12022-05-02

📐Framework References

2
CWE
Missing Encryption of Sensitive Data
CWE
Cleartext Transmission of Sensitive Information