Unrated severityNVD Advisory· Published Sep 18, 2008· Updated Apr 23, 2026

CVE-2008-3662

Description

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Affected products

Gallery/Gallery6 versions
cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*range: <=2.2.5
- cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gallery.menalto.com/gallery_1.5.9_releasednvdPatch
gallery.menalto.com/gallery_2.2.6_releasednvdPatch
int21.de/cve/CVE-2008-3662-gallery.htmlnvd
seclists.org/fulldisclosure/2008/Sep/0379.htmlnvd
secunia.com/advisories/32662nvd
secunia.com/advisories/33144nvd
security.gentoo.org/glsa/glsa-200811-02.xmlnvd
www.securityfocus.com/archive/1/496509/100/0/threadednvd
www.securityfocus.com/bid/31231nvd
www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.htmlnvd
www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000