Lucene search
HistoryAug 20, 2013 - 10:55 p.m.
CVE-2013-4964
puppet
enterprise
session cookie
security
cve-2013-4964
6.7 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
50.7%
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Related
debiancve
debiancve
CVE-2013-4964
2013-08-20 22:55:00
ubuntucve
ubuntucve
CVE-2013-4964
2013-08-20 00:00:00
prion
prion
Session fixation
2013-08-20 22:55:00
nessus
nessus
Puppet Enterprise < 3.0.1 Multiple Vulnerabilities
2013-10-28 00:00:00
6.7 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
50.7%
Related for CVE-2013-4964