6 matches found
Fedora Update for pcs FEDORA-2015-8765
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PCS Daemon (pcsd) Cookie Signing Multiple Vulnerabilities
The remote host is affected by multiple vulnerabilities due to a failure by the PCS daemon pcsd to properly set flags in the 'Set-Cookie' header : - A security bypass vulnerability exists due to a failure to set the 'secure' flag. A remote attacker can exploit this to spoof cookies and bypass...
Fedora 21 : pcs-0.9.137-4.fc21 (2015-8788)
Fix for CVE-2015-1848, CVE-2015-3983 sessions not signed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
Fedora 20 : pcs-0.9.115-3.fc20 (2015-8761)
Fix for CVE-2015-1848, CVE-2015-3983 sessions not signed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
Fedora 22 : pcs-0.9.139-4.fc22 (2015-8765)
Fix for CVE-2015-1848, CVE-2015-3983 sessions not signed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
CVE-2015-3983
The PCS vulnerability CVE-2015-3983 is in the PCS daemon (pcsd) where the Set-Cookie header did not include the HttpOnly flag in PCS 0.9.137 and earlier, enabling potential information disclosure via script access to the cookie. The issue is remote and was split from CVE-2015-1848; advisories and...