Fedora Pacemaker Configuration System (PCS) 0.9.137

CPE Details

Fedora Pacemaker Configuration System (PCS) 0.9.137
fedora
pacemaker_configuration_system
0.9.137
2015-05-15
12h33 +00:00
2015-07-31
16h29 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:fedora:pacemaker_configuration_system:0.9.137:*:*:*:*:*:*:*

Informations

Vendor

fedora

Product

pacemaker_configuration_system

Version

0.9.137

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2015-1848 2015-05-14 12h00 +00:00 The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
6.8
CVE-2015-3983 2015-05-14 12h00 +00:00 The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to different vulnerability types.
4.3
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.