CVE-2015-1848

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
Configurations

Configuration 1

cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*

History

07 Nov 2023, 02:24

Type: Summary
Values Removed: The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
Values Added: The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.

12 Feb 2023, 23:15

Type: References
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-1848
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1208294
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0990
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0980

Type: Summary
Values Removed: It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.
Values Added: The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.

02 Feb 2023, 20:20

Type: References
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-1848
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1208294
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0990
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0980

Type: Summary
Values Removed: The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
Values Added: It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.

Information

Published : 2015-05-14 14:59

Updated : 2023-12-10 11:46


NVD link : CVE-2015-1848

Mitre link : CVE-2015-1848

CVE.ORG link : CVE-2015-1848



Products Affected

fedora

  • pacemaker_configuration_system

redhat

  • enterprise_linux_high_availability
  • enterprise_linux_resilient_storage
  • enterprise_linux_resilient_storage_eus
  • enterprise_linux_high_availability_eus
CWE
CWE-310

Cryptographic Issues