Launchpad.net

CVE 2008-3102

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Related bugs and status

CVE-2008-3102 (Candidate) is related to these bugs:

Bug #255011: sru request for sun-java5

		In	Importance	Status
255011	sru request for sun-java5	sun-java5 (Ubuntu)	Undecided	Invalid
255011	sru request for sun-java5	sun-java5 (Ubuntu Dapper)	Undecided	Fix Released
255011	sru request for sun-java5	sun-java5 (Ubuntu Hardy)	Undecided	Fix Released
255011	sru request for sun-java5	sun-java5 (Ubuntu Intrepid)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MISC: http://int21.de/cve/CV...
GENTOO: GLSA-200812-07
SECUNIA: 32975
SREASON: 4298
SECUNIA: 32243
FEDORA: FEDORA-2008-8925
FEDORA: FEDORA-2008-9015
SECUNIA: 32330
BID: 31344
XF: mantis-cookie-session-...
BUGTRAQ: 20080922 menalto galle...
BUGTRAQ: 20080923 mantis CVE-20...