VYPR
Unrated severityNVD Advisory· Published Jun 5, 2008· Updated Jun 16, 2026

CVE-2008-2558

CVE-2008-2558

Description

CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP.

Affected products

2
  • cpe:2.3:a:cre_loaded:cre_loaded:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:cre_loaded:cre_loaded:*:*:*:*:*:*:*:*range: <=6.2.13.1
    • (no CPE)range: <=6.2.13.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.