Cookie Vulnerability in PCS Daemon from Red Hat and Fedora
CVE-2015-1848

Currently unrated

Key Information:

Vendor

Fedora

Status
Pacemaker Configuration System
Vendor
CVE Published:
14 May 2015

What is CVE-2015-1848?

The pcs daemon (pcsd) in PCS versions 0.9.137 and earlier lacks proper security measures as it does not set the secure flag for cookies used in HTTPS sessions. This oversight permits remote attackers to intercept and capture sensitive cookies during transmission over HTTP, significantly compromising the security of the affected systems. Ensuring that secure flags are appropriately set is crucial to prevent unauthorized access to sensitive session data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rhn.redhat.com/errata/RHSA-2015-0990.html
vendor-advisoryx_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
https://bugzilla.redhat.com/attachment.cgi?id=1009855
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.