CVE-2015-1848 Common Vulnerabilities and Exposures

Upstream information

CVE-2015-1848 at MITRE

Description

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 930578 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Liberty Linux 7	`pcs >= 0.9.137-13.el7_1.2` `python-clufter >= 0.9.137-13.el7_1.2`	Patchnames: RHSA-2015:0980

SUSE Timeline for this CVE

CVE page created: Fri Oct 7 12:47:04 2022
CVE page last modified: Mon Oct 30 17:16:55 2023