Unrated severityNVD Advisory· Published Jun 5, 2008· Updated Jun 16, 2026
CVE-2008-2558
CVE-2008-2558
Description
CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP.
Affected products
2cpe:2.3:a:cre_loaded:cre_loaded:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cre_loaded:cre_loaded:*:*:*:*:*:*:*:*range: <=6.2.13.1
- (no CPE)range: <=6.2.13.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.