spacewalk is vulnerable to session fixation. A session fixation flaw was found in the way RHN Satellite Server handled session cookies. An RHN Satellite Server user able to pre-set the session cookie in a victim’s browser to a valid value could use this flaw to hijack the victim’s session after the next log in.
secunia.com/advisories/43487
www.redhat.com/support/errata/RHSA-2011-0300.html
www.securityfocus.com/bid/46528
www.securitytracker.com/id?1025116
www.vupen.com/english/advisories/2011/0491
access.redhat.com/errata/RHSA-2011:0300
access.redhat.com/security/cve/CVE-2011-0717
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=672159
exchange.xforce.ibmcloud.com/vulnerabilities/65658