Vulnerability in Fedora Pacemaker_configuration_system
CVE-2015-1848
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOT…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.012 (79.3rd percentile)
Affected products
- Fedora Pacemaker_configuration_system
- Redhat Enterprise_linux_high_availability — versions 6.0, 7.0
- Redhat Enterprise_linux_high_availability_eus — versions 6.6.z, 7.1
- Redhat Enterprise_linux_resilient_storage — versions 6.0, 7.0
- Redhat Enterprise_linux_resilient_storage_eus — versions 6.6.z, 7.1
References
- RHSA-2015:0990 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- FEDORA-2015-8761 (x_refsource_FEDORA, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Issue Tracking)
- RHSA-2015:0980 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- FEDORA-2015-8765 (x_refsource_FEDORA, vendor-advisory)
- FEDORA-2015-8788 (x_refsource_FEDORA, vendor-advisory)
- 74623 (Third Party Advisory, vdb-entry, x_refsource_BID)