Description
Session fixation vulnerability in pcsd in pcs before 0.9.157.
It was found that pcsd did not invalidate cookies on the server side when a user logged out. This could potentially allow an attacker to perform session fixation attacks on pcsd.
Statement
This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, as the web UI functionality is disabled by default in pcsd.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | pcs | Will not fix | | |
| Red Hat Enterprise Linux 7 | pcs | Fixed | RHSA-2016:2596 | 03.11.2016 |
Additional information
Status:
Moderate
Defect:
CWE-613->CWE-384
https://bugzilla.redhat.com/show_bug.cgi?id=1299615 pcs: cookies are not invalidated upon logout
EPSS
Percentile: 63%
0.00445
Low
4.3 Medium
CVSS2
Related vulnerabilities
CVSS3: 8.1
ubuntu
more than 8 years ago
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS3: 8.1
nvd
more than 8 years ago
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS3: 8.1
debian
more than 8 years ago
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS3: 8.1
github
more than 3 years ago
Session fixation vulnerability in pcsd in pcs before 0.9.157.