Description
Session fixation vulnerability in pcsd in pcs before 0.9.157.
It was found that pcsd did not invalidate cookies on the server side when a user logged out. This could potentially allow an attacker to perform session fixation attacks on pcsd.
Statement
This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, as the web UI functionality is disabled by default in pcsd.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | pcs | Will not fix | | |
| Red Hat Enterprise Linux 7 | pcs | Fixed | RHSA-2016:2596 | 03.11.2016 |
Additional information
Status:
Moderate
Defect:
CWE-613->CWE-384
https://bugzilla.redhat.com/show_bug.cgi?id=1299615 pcs: cookies are not invalidated upon logout
4.3 Medium
CVSS2
Related vulnerabilities
CVSS3: 8.1
ubuntu
almost 9 years ago
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS3: 8.1
nvd
almost 9 years ago
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS3: 8.1
debian
almost 9 years ago
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS3: 8.1
github
more than 3 years ago
Session fixation vulnerability in pcsd in pcs before 0.9.157.