CVE-2009-3584

Priority
Low
Description
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an
https session, which makes it easier for remote attackers to capture this
cookie by intercepting its transmission within an http session.
References
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 15.04 (Vivid Vervet):ignored (reached end-of-life)
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 15.10 (Wily Werewolf):needed
Ubuntu 16.04 (Xenial Xerus):needed
More Information

Valid XHTML 1.0 Strict

Updated: 2016-02-04 14:14:48 UTC (commit 10579)