CVE-2008-4122
First published: Fri Dec 19 2008(Updated: )
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla | =1.5.8 | |
| Joomla | =1.5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-4122?
CVE-2008-4122 is considered a high severity vulnerability due to the risk of session hijacking.
How do I fix CVE-2008-4122?
To fix CVE-2008-4122, ensure that the Joomla! session cookie is configured to use the secure flag for HTTPS connections.
What versions of Joomla! are affected by CVE-2008-4122?
Joomla! version 1.5.8 is affected by CVE-2008-4122.
What type of attack does CVE-2008-4122 facilitate?
CVE-2008-4122 facilitates session hijacking attacks by allowing remote attackers to capture session cookies.
Is there a workaround for CVE-2008-4122?
A potential workaround for CVE-2008-4122 is to manually configure your server to enforce secure connections for all sessions.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/joomla
- canonical/joomla
- version/joomla/1.5.8