CVE-2008-2558

medium

Description

CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/42889

http://oscommerceuniversity.com/lounge/index.php?topic=255.0

Details

Source: Mitre, NVD

Published: 2008-06-05

Updated: 2026-04-23

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N