CVE-2014-0090

Published May 8, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1047C709-CCA2-4247-971D-E2C23F1B3482",
            "versionEndIncluding": "1.4.1"
          },
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DEEE67E-9448-4DCF-8724-8B744CA2F3E8"
          },
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B33A0A48-7B34-465B-BC10-A9D1C4FEDA9F"
          },
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C8C6EAF-4077-4797-B550-4ACB0ABB9361"
          },
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:1.2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC6F46A2-F270-4426-9E43-199F86785F3B"
          },
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:1.2.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40A2CBA2-C121-479B-AB17-40FCD273230F"
          },
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "870AAD92-EF20-4162-B13C-66AC554220D9"
          },
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F03B6069-2A50-4B69-AB5F-4129E233ECF2"
          },
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53128807-D95A-4F78-80D9-190D3FFA9391"
          },
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E85D7723-0DF9-43C4-A0FF-5C2835C98DEC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References