
Mantis < 1.1.4 HTTPS Session Cookie Secure Flag Weakness

Medium

Synopsis

The remote server is running Mantis, a bug-tracking application.

Description

The remote server is running Mantis, a bug-tracking application. This version of Mantis is vulnerable to a flaw where cookies set over SSL are not marked as 'Secure'. Without that flag, the browser will also send the cookie on requests made over plain HTTP, where it travels in plaintext.

Solution

Upgrade to version 1.1.4 or higher.
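
To confirm the fix after upgrading, the Set-Cookie headers returned over HTTPS can be checked for the Secure attribute. The following is an added example, not part of the original advisory or of Mantis; the cookie names and header values are constructed samples, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie header values captured from an HTTPS response
# and report cookies that were issued without the Secure attribute.

def cookie_attributes(set_cookie_value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    # The first name=value pair is the cookie itself, never an attribute,
    # so a cookie whose name or value contains "secure" is not misread.
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (Secure, secure, SECURE).
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(set_cookie_values):
    """Return the names of cookies set without the Secure attribute."""
    missing = []
    for value in set_cookie_values:
        name, attrs = cookie_attributes(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers (not captured from a real Mantis server).
SAMPLE_HTTPS_RESPONSE = [
    "SESSION_A=abc123; path=/; expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "SESSION_B=def456; Path=/; SECURE; HttpOnly",
    "secure_pref=1; path=/",       # name contains "secure", flag absent
    "SESSION_C=secure; path=/",    # value is "secure", flag absent
]

if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HTTPS_RESPONSE):
        print(f"{name}: set over HTTPS without the Secure attribute")
```

Any name this reports for a response received over HTTPS is a cookie the browser will also attach to plain HTTP requests to the same host.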