CVE-2015-1848

The CVE-2015-1848 entry concerns the PCS daemon (pcsd) in PCS 0.9.137 and earlier failing to set the Secure flag on cookies in HTTPS sessions (CVE-2015-1848); CVE-2015-3983 covers the related issue of not setting the HttpOnly flag. Multiple open-source advisories (Fedora/CentOS and related feeds)...

CVE-2015-3983

The PCS vulnerability CVE-2015-3983 is in the PCS daemon (pcsd) where the Set-Cookie header did not include the HttpOnly flag in PCS 0.9.137 and earlier, enabling potential information disclosure via script access to the cookie. The issue is remote and was split from CVE-2015-1848; advisories and...