CVE-2009-3584

Priority
Low
Description
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an
https session, which makes it easier for remote attackers to capture this
cookie by intercepting its transmission within an http session.
References
Package
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 13.10 (Saucy Salamander):ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 14.10 (Utopic Unicorn):needed
More Information

Valid XHTML 1.0 Strict

Updated: 2014-07-17 15:14:28 UTC (commit 8246)