Vulnerability in Fedora Pacemaker_configuration_system

CVE-2015-3983

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: thi…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.006 (69.9th percentile) — read the EPSS interpretation.

Affected products

Fedora Pacemaker_configuration_system
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

RHSA-2015:0990 (x_refsource_REDHAT, vendor-advisory)
FEDORA-2015-8761 (x_refsource_FEDORA, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
RHSA-2015:0980 (x_refsource_REDHAT, vendor-advisory)
FEDORA-2015-8765 (x_refsource_FEDORA, vendor-advisory)
FEDORA-2015-8788 (x_refsource_FEDORA, vendor-advisory)
74682 (vdb-entry, x_refsource_BID)