Lucene search

PRIOn knowledge basePRION:CVE-2013-4964

HistoryAug 20, 2013 - 10:55 p.m.

Session fixation

2013-08-2022:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.4%

JSON

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CPENameOperatorVersion
puppet_enterpriseeq2.5.1
puppet_enterpriseeq2.5.2
puppet_enterpriseeq2.8.1
puppet_enterpriseeq2.8.2
puppet_enterpriseeq2.8.3
puppet_enterpriseeq2.8.0
puppet_enterprisele3.0.0

Name	Operator	Version
puppet_enterprise	eq	2.5.1
puppet_enterprise	eq	2.5.2
puppet_enterprise	eq	2.8.1
puppet_enterprise	eq	2.8.2
puppet_enterprise	eq	2.8.3
puppet_enterprise	eq	2.8.0
puppet_enterprise	le	3.0.0

References

puppetlabs.com/security/cve/cve-2013-4964/

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.4%

JSON

Related for PRION:CVE-2013-4964