
Mantis < 1.1.4 HTTPS Session Cookie Secure Flag Weakness

Medium

Synopsis

The remote server is running Mantis, a bug-tracking application.

Description

The remote server is running Mantis, a bug-tracking application. This version of Mantis is affected by a flaw in which cookies set over an SSL/TLS connection are not marked 'Secure'. Because the flag is absent, a browser will also send the cookie with plain HTTP requests to the same host, exposing it in cleartext on the wire.
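The check below is an added example and is not part of this plugin or of Mantis: it parses Set-Cookie headers from an HTTPS response and reports every cookie the browser would also send over plain HTTP because the Secure attribute is missing, then shows the hardened form of the same header. The header lines and the cookie name MANTIS_session are constructed for illustration, not captured from a real host.

```python
# Constructed sample response headers (not captured from a real Mantis host).
# MANTIS_session is a hypothetical cookie name used only for this example.
VULNERABLE_RESPONSE = [
    "Set-Cookie: MANTIS_session=5f3a9c; path=/; HttpOnly",  # no Secure flag
    "Set-Cookie: lang=en; path=/; Secure",
]
FIXED_RESPONSE = [
    "Set-Cookie: MANTIS_session=5f3a9c; path=/; Secure; HttpOnly",
    "Set-Cookie: lang=en; path=/; Secure",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value}).

    Attribute names are lower-cased; flag attributes without a value
    (Secure, HttpOnly) are stored as True.
    """
    _, _, body = header.partition(":")
    parts = [p.strip() for p in body.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def cookies_missing_secure(headers):
    """Return the names of cookies set without the Secure attribute.

    Any cookie listed here would be sent by the browser over plain HTTP
    as well as HTTPS, which is the condition this plugin reports.
    """
    missing = []
    for header in headers:
        if not header.lower().startswith("set-cookie:"):
            continue
        name, _, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            missing.append(name)
    return missing


def add_secure_flag(header):
    """Return the Set-Cookie header with '; Secure' appended if absent."""
    _, _, attrs = parse_set_cookie(header)
    if "secure" in attrs:
        return header
    return header.rstrip() + "; Secure"


if __name__ == "__main__":
    print("vulnerable response, cookies without Secure:",
          cookies_missing_secure(VULNERABLE_RESPONSE))
    print("fixed response, cookies without Secure:",
          cookies_missing_secure(FIXED_RESPONSE))
    for header in VULNERABLE_RESPONSE:
        print("hardened:", add_secure_flag(header))
```

Running the script against the vulnerable sample lists MANTIS_session and nothing for the fixed sample; the same parsing logic can be pointed at the headers of a real HTTPS login response to confirm that a session cookie carries Secure after upgrading.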

Solution

Upgrade to version 1.1.4 or higher.