CVE-2009-3584

Priority
Low
Description
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an
https session, which makes it easier for remote attackers to capture this
cookie by intercepting its transmission within an http session.
References
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 15.10 (Wily Werewolf):ignored (reached end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 16.10 (Yakkety Yak):needed
More Information

Updated: 2016-08-01 16:14:57 UTC (commit 11295)