Lucene search
RedhatCVE-2015-3155HistoryAug 14, 2015 - 6:59 p.m.
CVE-2015-3155
2015-08-1418:59:06
CWE-284
redhat
web.nvd.nist.gov
33
foreman
security
cve-2015-3155
session hijacking
secure flag
cookie
vulnerability
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.006
Percentile
79.1%
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Affected configurations
Node
theforemanforemanRange≤1.8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| theforeman | foreman | * | cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2015-3155
2015-08-14 18:00:00
nvd
nvd
CVE-2015-3155
2015-08-14 18:59:06
prion
prion
Session fixation
2015-08-14 18:59:00
nessus
nessus
RHEL 7 : Satellite Server (RHSA-2015:1591)
2015-09-01 00:00:00
RHEL 6 : Satellite Server (RHSA-2015:1592)
2015-09-01 00:00:00
redhat
redhat
(RHSA-2015:1592) Important: Red Hat Satellite 6.1.1 on RHEL 6
2015-08-12 04:47:35
(RHSA-2015:1591) Important: Red Hat Satellite 6.1.1 on RHEL 7
2015-08-12 04:38:51
veracode
veracode
Incorrect Session Invalidation
2019-05-02 05:42:22
Cross-Site Scripting (XSS)
2019-05-02 05:42:13
Privilege Escalation
2019-05-02 05:42:26
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.006
Percentile
79.1%
Related for CVE-2015-3155