What is the severity of CVE-2011-0400?

CVE-2011-0400 is classified as a medium severity vulnerability due to its potential for session hijacking.

How do I fix CVE-2011-0400?

To fix CVE-2011-0400, update to a version of Matomo that is 1.1 or later, where the secure flag is set for session cookies.

What types of attacks does CVE-2011-0400 expose users to?

CVE-2011-0400 exposes users to session hijacking attacks through the interception of session cookies.

Which versions of Matomo are affected by CVE-2011-0400?

CVE-2011-0400 affects all versions of Matomo prior to 1.1 and specific older versions starting from 0.1.

What should I do if I cannot upgrade from an affected version of Matomo regarding CVE-2011-0400?

If an upgrade is not possible, you should ensure that all traffic is served over HTTPS and manually set the secure flag for session cookies.

Vulnerability/
CVE-2011-0400

medium

CWE

10/1/2011

6/8/2024

CVE-2011-0400

First published: Mon Jan 10 2011(Updated: )

Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
MediaWiki Matomo	<=1.0
MediaWiki Matomo	=0.1
MediaWiki Matomo	=0.1.1
MediaWiki Matomo	=0.1.2
MediaWiki Matomo	=0.1.3
MediaWiki Matomo	=0.1.4
MediaWiki Matomo	=0.1.5
MediaWiki Matomo	=0.1.6
MediaWiki Matomo	=0.1.7
MediaWiki Matomo	=0.1.8
MediaWiki Matomo	=0.1.9
MediaWiki Matomo	=0.1.10
MediaWiki Matomo	=0.2.1
MediaWiki Matomo	=0.2.2
MediaWiki Matomo	=0.2.3
MediaWiki Matomo	=0.2.4
MediaWiki Matomo	=0.2.5
MediaWiki Matomo	=0.2.6
MediaWiki Matomo	=0.2.7
MediaWiki Matomo	=0.2.8
MediaWiki Matomo	=0.2.9
MediaWiki Matomo	=0.2.10
MediaWiki Matomo	=0.2.11
MediaWiki Matomo	=0.2.12
MediaWiki Matomo	=0.2.13
MediaWiki Matomo	=0.2.14
MediaWiki Matomo	=0.2.16
MediaWiki Matomo	=0.2.17
MediaWiki Matomo	=0.2.18
MediaWiki Matomo	=0.2.19
MediaWiki Matomo	=0.2.20
MediaWiki Matomo	=0.2.22
MediaWiki Matomo	=0.2.23
MediaWiki Matomo	=0.2.24
MediaWiki Matomo	=0.2.25
MediaWiki Matomo	=0.2.26
MediaWiki Matomo	=0.2.27
MediaWiki Matomo	=0.2.28
MediaWiki Matomo	=0.2.29
MediaWiki Matomo	=0.2.30
MediaWiki Matomo	=0.2.31
MediaWiki Matomo	=0.2.32
MediaWiki Matomo	=0.2.33
MediaWiki Matomo	=0.2.34
MediaWiki Matomo	=0.4-rc1
MediaWiki Matomo	=0.4-rc2
MediaWiki Matomo	=0.4-rc3
MediaWiki Matomo	=0.4.1-rc1
MediaWiki Matomo	=0.4.4
MediaWiki Matomo	=0.4.5
MediaWiki Matomo	=0.5
MediaWiki Matomo	=0.5.1
MediaWiki Matomo	=0.5.2
MediaWiki Matomo	=0.5.3
MediaWiki Matomo	=0.5.4
MediaWiki Matomo	=0.5.5
MediaWiki Matomo	=0.6
MediaWiki Matomo	=0.6.1
MediaWiki Matomo	=0.6.2
MediaWiki Matomo	=0.6.3
MediaWiki Matomo	=0.6.3-rc1
MediaWiki Matomo	=0.6.3-rc2
MediaWiki Matomo	=0.6.4
MediaWiki Matomo	=0.7
MediaWiki Matomo	=0.8
MediaWiki Matomo	=0.9
MediaWiki Matomo	=0.9.9

Remedy

http://piwik.org/blog/2011/01/piwik-1-1-2/

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-0400?
CVE-2011-0400 is classified as a medium severity vulnerability due to its potential for session hijacking.
How do I fix CVE-2011-0400?
To fix CVE-2011-0400, update to a version of Matomo that is 1.1 or later, where the secure flag is set for session cookies.
What types of attacks does CVE-2011-0400 expose users to?
CVE-2011-0400 exposes users to session hijacking attacks through the interception of session cookies.
Which versions of Matomo are affected by CVE-2011-0400?
CVE-2011-0400 affects all versions of Matomo prior to 1.1 and specific older versions starting from 0.1.
What should I do if I cannot upgrade from an affected version of Matomo regarding CVE-2011-0400?
If an upgrade is not possible, you should ensure that all traffic is served over HTTPS and manually set the secure flag for session cookies.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/severity
agent/references
agent/last-modified-date
agent/description
agent/author
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/matomo
canonical/mediawiki matomo
version/mediawiki matomo/1.0
version/mediawiki matomo/0.1
version/mediawiki matomo/0.1.1
version/mediawiki matomo/0.1.2
version/mediawiki matomo/0.1.3
version/mediawiki matomo/0.1.4
version/mediawiki matomo/0.1.5
version/mediawiki matomo/0.1.6
version/mediawiki matomo/0.1.7
version/mediawiki matomo/0.1.8
version/mediawiki matomo/0.1.9
version/mediawiki matomo/0.1.10
version/mediawiki matomo/0.2.1
version/mediawiki matomo/0.2.2
version/mediawiki matomo/0.2.3
version/mediawiki matomo/0.2.4
version/mediawiki matomo/0.2.5
version/mediawiki matomo/0.2.6
version/mediawiki matomo/0.2.7
version/mediawiki matomo/0.2.8
version/mediawiki matomo/0.2.9
version/mediawiki matomo/0.2.10
version/mediawiki matomo/0.2.11
version/mediawiki matomo/0.2.12
version/mediawiki matomo/0.2.13
version/mediawiki matomo/0.2.14
version/mediawiki matomo/0.2.16
version/mediawiki matomo/0.2.17
version/mediawiki matomo/0.2.18
version/mediawiki matomo/0.2.19
version/mediawiki matomo/0.2.20
version/mediawiki matomo/0.2.22
version/mediawiki matomo/0.2.23
version/mediawiki matomo/0.2.24
version/mediawiki matomo/0.2.25
version/mediawiki matomo/0.2.26
version/mediawiki matomo/0.2.27
version/mediawiki matomo/0.2.28
version/mediawiki matomo/0.2.29
version/mediawiki matomo/0.2.30
version/mediawiki matomo/0.2.31
version/mediawiki matomo/0.2.32
version/mediawiki matomo/0.2.33
version/mediawiki matomo/0.2.34
version/mediawiki matomo/0.4-rc1
version/mediawiki matomo/0.4-rc2
version/mediawiki matomo/0.4-rc3
version/mediawiki matomo/0.4.1-rc1
version/mediawiki matomo/0.4.4
version/mediawiki matomo/0.4.5
version/mediawiki matomo/0.5
version/mediawiki matomo/0.5.1
version/mediawiki matomo/0.5.2
version/mediawiki matomo/0.5.3
version/mediawiki matomo/0.5.4
version/mediawiki matomo/0.5.5
version/mediawiki matomo/0.6
version/mediawiki matomo/0.6.1
version/mediawiki matomo/0.6.2
version/mediawiki matomo/0.6.3
version/mediawiki matomo/0.6.3-rc1
version/mediawiki matomo/0.6.3-rc2
version/mediawiki matomo/0.6.4
version/mediawiki matomo/0.7
version/mediawiki matomo/0.8
version/mediawiki matomo/0.9
version/mediawiki matomo/0.9.9

CVE-2011-0400

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-0400?

How do I fix CVE-2011-0400?

What types of attacks does CVE-2011-0400 expose users to?

Which versions of Matomo are affected by CVE-2011-0400?

What should I do if I cannot upgrade from an affected version of Matomo regarding CVE-2011-0400?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2011-0400?

How do I fix CVE-2011-0400?

What types of attacks does CVE-2011-0400 expose users to?

Which versions of Matomo are affected by CVE-2011-0400?

What should I do if I cannot upgrade from an affected version of Matomo regarding CVE-2011-0400?