CVE-2015-1848

Published May 14, 2015

Last updated 3 months ago

CVSS info 6.8

Overview

Description: The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8A6579C-9633-4842-972F-4392053D9D73",
            "versionEndIncluding": "0.9.137"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5ACB0BE-6736-4644-86B1-77AA9E5B8AEF"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F92715C0-6341-4617-9F61-C87907D1C3F8"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01885365-42EB-4519-B331-B30CE1D5968B"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF7EA768-C917-4A14-B599-B8615A532B18"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B284C97C-AEF7-4431-8A02-E0EA5B991FE0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F66BE726-A258-42D7-B23A-925F50FDF449"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC8BA03B-6E9A-46DC-B979-B8C522269F15"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94594B19-900E-4F56-BDB8-3C9681656C84"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References