Design/Logic Flaw

2015-05-1414:59:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.3%

JSON

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.

CPENameOperatorVersion
pacemaker_configuration_systemle0.9.137
enterprise_linux_high_availabilityeq6.0
enterprise_linux_high_availabilityeq7.0
enterprise_linux_high_availability_euseq6.6.122
enterprise_linux_high_availability_euseq7.1
enterprise_linux_resilient_storageeq7.0
enterprise_linux_resilient_storageeq6.0
enterprise_linux_resilient_storage_euseq7.1
enterprise_linux_resilient_storage_euseq6.6.122

Name	Operator	Version
pacemaker_configuration_system	le	0.9.137
enterprise_linux_high_availability	eq	6.0
enterprise_linux_high_availability	eq	7.0
enterprise_linux_high_availability_eus	eq	6.6.122
enterprise_linux_high_availability_eus	eq	7.1
enterprise_linux_resilient_storage	eq	7.0
enterprise_linux_resilient_storage	eq	6.0
enterprise_linux_resilient_storage_eus	eq	7.1
enterprise_linux_resilient_storage_eus	eq	6.6.122