Cookie Vulnerability in PCS Daemon from Red Hat and Fedora
CVE-2015-1848
Currently unrated
What is CVE-2015-1848?
The pcs daemon (pcsd) in PCS versions 0.9.137 and earlier does not set the secure flag on cookies used in HTTPS sessions. Without that flag, a browser will also send the cookie over plain HTTP, where remote attackers who can intercept the transmission can capture it, compromising the session and the security of the affected systems. Setting the secure flag restricts the cookie to HTTPS connections and prevents this exposure of sensitive session data.
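
A defender can check for this class of flaw by inspecting the `Set-Cookie` headers an HTTPS service returns. The Ruby sketch below is an added example, not code from pcsd or from this advisory; the cookie names and header values are constructed for illustration. It reports every cookie issued without the `Secure` attribute, and does not confuse a cookie whose name or value happens to be "secure" with the attribute itself.

```ruby
# Audit Set-Cookie header values for a missing Secure attribute.
# All sample headers are constructed; none are taken from a real pcsd response.

# Split one Set-Cookie value into its name, value and attributes.
# Only tokens AFTER the first name=value pair are treated as attributes.
def parse_set_cookie(header)
  parts = header.split(";").map(&:strip).reject(&:empty?)
  return nil if parts.empty?

  name, value = parts.shift.split("=", 2)
  # A pair without "=" or with an empty name is not a valid cookie; skip it.
  return nil if name.nil? || name.strip.empty? || value.nil?

  attrs = {}
  parts.each do |attr|
    key, val = attr.split("=", 2)
    # Attribute names are case-insensitive; flag attributes carry no value.
    attrs[key.strip.downcase] = val.nil? ? true : val.strip
  end
  { name: name.strip, value: value, attrs: attrs }
end

# Return the names of cookies that a browser would also send over plain HTTP.
def cookies_missing_secure(headers)
  headers.map { |h| parse_set_cookie(h) }
         .compact
         .reject { |c| c[:attrs].key?("secure") }
         .map { |c| c[:name] }
end

SAMPLE_HEADERS = [
  "sid_plain=abc123; Path=/; HttpOnly",           # flaw: no Secure attribute
  "sid_secure=abc123; Path=/; HttpOnly; Secure",  # correct
  "prefs=dark; path=/; SECURE",                   # attribute case does not matter
  "secure=1; Path=/",                             # cookie merely NAMED secure
  "note=Secure; Path=/",                          # value "Secure" is not the flag
].freeze

if __FILE__ == $PROGRAM_NAME
  cookies_missing_secure(SAMPLE_HEADERS).each do |name|
    puts "cookie '#{name}' is set without the Secure attribute"
  end
end
```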