Bug#473571: plone3: CVE-2008-139[3-6] multiple vulnerabilities
Florian Weimer
fw at deneb.enyo.de
Sat Apr 5 11:54:19 UTC 2008
* Nico Golde:
> While I agree that the cookie issues and the session id
> issue are not of a high impact, I still think that at least
> the CSRF issue should be fixed because the exploit scenario
> has a certain real life importance.
The __ac cookie issue is significant as well if the secure flag is not
set on the cookie even if login happens over HTTPS.
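
Added example, not part of the original message or of Plone's code: a browser sends a cookie that lacks the Secure attribute on plain-HTTP requests to the same host as well, so a check on the login response's Set-Cookie headers shows whether `__ac` is affected. The header values and function names below are constructed for illustration.

```python
# Added example: audit Set-Cookie values taken from a response served over HTTPS.
# The sample header values are constructed, not captured from a Plone site.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, cookie_value, attrs)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def cookies_missing_secure(set_cookie_values, watched=("__ac",)):
    """Return names of watched cookies that were set without Secure."""
    missing = []
    for value in set_cookie_values:
        name, _, attrs = parse_set_cookie(value)
        # Test the parsed attribute name, not a substring of the header:
        # "secure" inside the cookie value or another attribute does not count.
        if name in watched and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed Set-Cookie values as they might appear on an HTTPS login response.
SAMPLE_WEAK = ['__ac="c2VjdXJlOnBhc3M%3D"; Path=/']
SAMPLE_TRICKY = ['__ac="secure-looking-value"; Path=/; Comment=secure']
SAMPLE_FIXED = ['__ac="c2VjdXJlOnBhc3M%3D"; Path=/; SECURE; HttpOnly']

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK),
                          ("tricky", SAMPLE_TRICKY),
                          ("fixed", SAMPLE_FIXED)):
        print(label, cookies_missing_secure(sample))
```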