CVE-2015-1848 in PCSinfo

Summary

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

02/17/2015

Disclosure

05/14/2015

Moderation

VulDB entry created

Entries

1: VDB-75396

CPE

ready

CWE

CWE-310 (Confirmed)

CVSS

5.3

EPSS

0.01210

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-1848
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-1848
CVE Details	https://www.cvedetails.com/cve/CVE-2015-1848/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!