Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2015-3983
HistoryMay 14, 2015 - 2:59 p.m.

CVE-2015-3983

2015-05-1414:59:12
CWE-310
mitre
web.nvd.nist.gov
33
cve-2015-3983
pcs daemon
pcsd
set-cookie
httponly
remote attackers
sensitive information
vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.026

Percentile

90.3%

JSON

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to different vulnerability types.

Affected configurations

Nvd
Node
fedorapacemaker_configuration_systemRange0.9.137
VendorProductVersionCPE
fedorapacemaker_configuration_system*cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*

Related

debiancve 2
fedora 3
nessus 10
openvas 5
nvd 2
veracode 2
centos 2
prion 2
cvelist 2
redhat 2
cve 1
debiancve
debiancve
CVE-2015-3983
2015-05-14 14:59:12
CVE-2015-1848
2015-05-14 14:59:07
fedora
fedora
[SECURITY] Fedora 20 Update: pcs-0.9.115-3.fc20
2015-06-04 20:11:38
[SECURITY] Fedora 22 Update: pcs-0.9.139-4.fc22
2015-06-04 20:18:02
[SECURITY] Fedora 21 Update: pcs-0.9.137-4.fc21
2015-06-04 20:16:31
nessus
nessus
Fedora 20 : pcs-0.9.115-3.fc20 (2015-8761)
2015-06-05 00:00:00
CentOS 6 : pcs (CESA-2015:0990)
2015-05-13 00:00:00
RHEL 6 : pcs (RHSA-2015:0990)
2015-05-13 00:00:00
openvas
openvas
Fedora Update for pcs FEDORA-2015-8765
2015-07-07 00:00:00
Fedora Update for pcs FEDORA-2015-8788
2015-06-09 00:00:00
Fedora Update for pcs FEDORA-2015-8761
2015-06-09 00:00:00
nvd
nvd
CVE-2015-3983
2015-05-14 14:59:12
CVE-2015-1848
2015-05-14 14:59:07
veracode
veracode
SSL Cookie Without Secure Flag
2019-01-15 09:05:55
Information Disclosure
2019-05-02 05:39:10
centos
centos
pcs, python security update
2015-05-13 00:53:35
pcs security update
2015-05-12 20:48:49
prion
prion
Design/Logic Flaw
2015-05-14 14:59:00
Design/Logic Flaw
2015-05-14 14:59:00
cvelist
cvelist
CVE-2015-3983
2015-05-14 14:00:00
CVE-2015-1848
2015-05-14 14:00:00
redhat
redhat
(RHSA-2015:0980) Important: pcs security and bug fix update
2015-05-12 00:00:00
(RHSA-2015:0990) Important: pcs security and bug fix update
2015-05-12 00:00:00
cve
cve
CVE-2015-1848
2015-05-14 14:59:07

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.026

Percentile

90.3%

JSON
Related for CVE-2015-3983
debiancve2fedora3nessus10openvas5nvd2veracode2centos2prion2cvelist2redhat2cve1