Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-4964HistoryAug 20, 2013 - 10:55 p.m.
CVE-2013-4964
2013-08-2022:55:04
Debian Security Bug Tracker
security-tracker.debian.org
6
puppet enterprise
session cookie
vulnerability
https
remote attackers
interception
http session
unix
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
55.4%
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | puppet | < 5.5.22-2 | puppet_5.5.22-2_all.deb |
Related
cve
cve
CVE-2013-4964
2013-08-20 22:55:04
cvelist
cvelist
CVE-2013-4964
2013-08-20 22:00:00
ubuntucve
ubuntucve
CVE-2013-4964
2013-08-20 00:00:00
prion
prion
Session fixation
2013-08-20 22:55:00
nvd
nvd
CVE-2013-4964
2013-08-20 22:55:04
nessus
nessus
Puppet Enterprise < 3.0.1 Multiple Vulnerabilities
2013-10-28 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
55.4%
Related for DEBIANCVE:CVE-2013-4964