CVE: CVE-2008-4122

Export to Word

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

S9 – Sabotage of System/App

EPSS

Score: 0.00018
Percentile: 0.03017

CVSS Scoring

CVSS v3.1 Score: 7.5

Severity: HIGH

Mapped CWE(s)

CWE-319 : Cleartext Transmission of Sensitive Information

All CAPEC(s)

CAPEC-102: Session Sidejacking
CAPEC-117: Interception
CAPEC-383: Harvesting Information via API Event Monitoring
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC-65: Sniff Application Code

CAPEC(s) with Mapped TTPs

CAPEC-383: Harvesting Information via API Event Monitoring
Mapped TTPs:
- T1056.004 : Credential API Hooking
CAPEC-65: Sniff Application Code
Mapped TTPs:
- T1040 : Network Sniffing

Mapped ATT&CK TTPs

T1056.004 : Credential API Hooking
Kill Chain: collection
T1040 : Network Sniffing
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

ArcaneDoor
2015 Ukraine Electric Power Attack

Affected Products

cpe:2.3:a:joomla:joomla\!:1.5.8:*:*:*:*:*:*:*

← Back to Home