CVE-2015-3155

Published: Aug 14, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://projects.theforeman.org/issues/10275

x_refsource_CONFIRM

RHSA-2015:1592

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=1216035

x_refsource_CONFIRM

https://groups.google.com/forum/#%21topic/foreman-announce/QPtN0h04jdo

x_refsource_CONFIRM

RHSA-2015:1591

vendor-advisory

x_refsource_REDHAT

https://github.com/theforeman/foreman/pull/2328

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-3155

Description

Affected Products

References