CVE-2009-3584

NameCVE-2009-3584
DescriptionSQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs562639

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sql-ledger (PTS)jessie3.0.6-2vulnerable
stretch3.0.8-1vulnerable
buster, sid3.2.6-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sql-ledgersource(unstable)(unfixed)unimportant562639

Notes

Only supported behind an authenticated HTTP zone, see README.Debian
Search for package or bug name: Reporting problems