Lucene search
HistoryAug 14, 2015 - 6:59 p.m.
CVE-2015-3155
foreman
security
cve-2015-3155
session hijacking
secure flag
cookie
vulnerability
nvd
6.4 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
79.0%
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Affected configurations
Node
theforemanforemanRange≤1.8.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| theforeman:foreman | theforeman foreman | le | 1.8.0 |
Related
prion
prion
Session fixation
2015-08-14 18:59:00
cvelist
cvelist
CVE-2015-3155
2015-08-14 18:00:00
nvd
nvd
CVE-2015-3155
2015-08-14 18:59:06
redhat
redhat
(RHSA-2015:1592) Important: Red Hat Satellite 6.1.1 on RHEL 6
2015-08-12 04:47:35
(RHSA-2015:1591) Important: Red Hat Satellite 6.1.1 on RHEL 7
2015-08-12 04:38:51
veracode
veracode
Incorrect Session Invalidation
2019-05-02 05:42:22
Man-In-The-Middle (MitM)
2019-05-02 05:42:16
Privilege Escalation
2019-05-02 05:42:19
nessus
nessus
RHEL 7 : Satellite Server (RHSA-2015:1591)
2015-09-01 00:00:00
RHEL 6 : Satellite Server (RHSA-2015:1592)
2015-09-01 00:00:00
6.4 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
79.0%
Related for CVE-2015-3155