CVE-2008-2558

{"id": "CVE-2008-2558", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-06-05T21:32:00.000", "references": [{"url": "http://oscommerceuniversity.com/lounge/index.php?topic=255.0", "tags": ["URL Repurposed"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42889", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "CRE Loaded 6.2.13.1 and earlier does not set the \"Secure\" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP."}, {"lang": "es", "value": "CRE Loaded 6.2.13.1 y versiones anteriores no cumple el atributo \"Secure\" para cookies que son enviadas sobre HTTPS, lo que puede permitir a atacantes remotos analizar las cookies si son enviadas sobre HTTP."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cre_loaded:cre_loaded:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "241ECBCF-F797-490B-97F9-770796829B28", "versionEndIncluding": "6.2.13.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}