CVE-2015-1848
Published May 14, 2015
Last updated a year ago
Overview
- Description
- The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8A6579C-9633-4842-972F-4392053D9D73",
"versionEndIncluding": "0.9.137"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5ACB0BE-6736-4644-86B1-77AA9E5B8AEF"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F92715C0-6341-4617-9F61-C87907D1C3F8"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01885365-42EB-4519-B331-B30CE1D5968B"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF7EA768-C917-4A14-B599-B8615A532B18"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B284C97C-AEF7-4431-8A02-E0EA5B991FE0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F66BE726-A258-42D7-B23A-925F50FDF449"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC8BA03B-6E9A-46DC-B979-B8C522269F15"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94594B19-900E-4F56-BDB8-3C9681656C84"
}
],
"operator": "OR"
}
]
}
]