CVE-2015-1848

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.  NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
fedorapacemaker_configuration_system
𝑥
≤ 0.9.137
redhatenterprise_linux_high_availability
6.0
redhatenterprise_linux_high_availability
7.0
redhatenterprise_linux_high_availability_eus
6.6.z:z
redhatenterprise_linux_high_availability_eus
7.1
redhatenterprise_linux_resilient_storage
6.0
redhatenterprise_linux_resilient_storage
7.0
redhatenterprise_linux_resilient_storage_eus
6.6.z:z
redhatenterprise_linux_resilient_storage_eus
7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pcs
bullseye
0.10.8-1+deb11u1
fixed
bullseye (security)
0.10.8-1+deb11u1
fixed
bookworm
0.11.5-1+deb12u1
fixed
sid
0.11.7-2
fixed
trixie
0.11.7-2
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html
http://rhn.redhat.com/errata/RHSA-2015-0980.html
http://rhn.redhat.com/errata/RHSA-2015-0990.html
http://www.securityfocus.com/bid/74623
https://bugzilla.redhat.com/attachment.cgi?id=1009855
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html
http://rhn.redhat.com/errata/RHSA-2015-0980.html
http://rhn.redhat.com/errata/RHSA-2015-0990.html
http://www.securityfocus.com/bid/74623
https://bugzilla.redhat.com/attachment.cgi?id=1009855