Unrated severityNVD Advisory· Published Sep 24, 2008· Updated Jun 16, 2026
CVE-2008-3102
CVE-2008-3102
Description
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.0a2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
12- secunia.com/advisories/32243nvdVendor Advisory
- secunia.com/advisories/32330nvdVendor Advisory
- secunia.com/advisories/32975nvdVendor Advisory
- int21.de/cve/CVE-2008-3102-mantis.htmlnvd
- securityreason.com/securityalert/4298nvd
- www.gentoo.org/security/en/glsa/glsa-200812-07.xmlnvd
- www.securityfocus.com/archive/1/496625/100/0/threadednvd
- www.securityfocus.com/archive/1/496684/100/0/threadednvd
- www.securityfocus.com/bid/31344nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/45395nvd
- www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.htmlnvd
News mentions
0No linked articles in our index yet.