HTTPOnly Flag Absence in pcsd Affects Red Hat and Fedora Products
CVE-2015-3983

Currently unrated

Key Information:

Vendor: Fedora

CVE Published: 14 May 2015

What is CVE-2015-3983?

The pcs daemon (pcsd) prior to version 0.9.137 does not set the HTTPOnly flag in its Set-Cookie header. Without that attribute, scripts running in the browser can read the cookie, so a remote attacker who gets script access to cookies, for example through cross-site scripting (XSS), can obtain the sensitive information they hold.
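
The check below is an added example, not pcsd's own code: it reads the Set-Cookie headers of an HTTP response, lists the cookies that lack the attribute, and shows the corrected header value. The sample response, cookie names and function names are constructed for illustration.

```ruby
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# The response below is constructed; its cookie names and values are hypothetical.
SAMPLE_RESPONSE = <<~RESPONSE
  HTTP/1.1 200 OK
  Content-Type: text/html
  Set-Cookie: session_example=abc123; Path=/; Secure
  Set-Cookie: prefs_example=HttpOnly; Path=/
  set-cookie: token_example=xyz789; path=/; secure; httponly
RESPONSE

# Extract every Set-Cookie field value (field names are case-insensitive).
def set_cookie_values(raw_headers)
  raw_headers.each_line.map do |line|
    field, sep, value = line.chomp.partition(':')
    value.strip if !sep.empty? && field.strip.casecmp('set-cookie').zero?
  end.compact
end

# Split one value into the cookie name and its lowercased attribute names.
# Only text after the first ';' counts as attributes, so a cookie whose
# *value* is the string "HttpOnly" is not mistaken for a protected one.
def parse_set_cookie(value)
  pair, *rest = value.split(';').map(&:strip)
  name, sep, _value = pair.to_s.partition('=')
  return nil if sep.empty? || name.strip.empty?
  attrs = rest.reject(&:empty?).map { |a| a.split('=', 2).first.strip.downcase }
  { name: name.strip, attrs: attrs }
end

# Names of cookies in the response that scripts would be able to read.
def cookies_missing_httponly(raw_headers)
  set_cookie_values(raw_headers).map { |v| parse_set_cookie(v) }.compact
    .reject { |c| c[:attrs].include?('httponly') }
    .map { |c| c[:name] }
end

# Return the header value with HttpOnly appended when it is absent.
def harden_set_cookie(value)
  cookie = parse_set_cookie(value)
  return value if cookie.nil? || cookie[:attrs].include?('httponly')
  "#{value.sub(/;\s*\z/, '')}; HttpOnly"
end

puts cookies_missing_httponly(SAMPLE_RESPONSE).inspect
```

Attribute names are matched case-insensitively, so `httponly` and `HTTPOnly` both count as present.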
