Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-1848 (GCVE-0-2015-1848)
Vulnerability from cvelistv5 – Published: 2015-05-14 14:00 – Updated: 2024-08-06 04:54
VLAI?
EPSS
Summary
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0990",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0990.html"
},
{
"name": "FEDORA-2015-8761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
},
{
"name": "RHSA-2015:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0980.html"
},
{
"name": "FEDORA-2015-8765",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html"
},
{
"name": "FEDORA-2015-8788",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html"
},
{
"name": "74623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:0990",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0990.html"
},
{
"name": "FEDORA-2015-8761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
},
{
"name": "RHSA-2015:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0980.html"
},
{
"name": "FEDORA-2015-8765",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html"
},
{
"name": "FEDORA-2015-8788",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html"
},
{
"name": "74623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74623"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1848",
"datePublished": "2015-05-14T14:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.9.137\", \"matchCriteriaId\": \"E8A6579C-9633-4842-972F-4392053D9D73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ACB0BE-6736-4644-86B1-77AA9E5B8AEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F92715C0-6341-4617-9F61-C87907D1C3F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01885365-42EB-4519-B331-B30CE1D5968B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF7EA768-C917-4A14-B599-B8615A532B18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B284C97C-AEF7-4431-8A02-E0EA5B991FE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F66BE726-A258-42D7-B23A-925F50FDF449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC8BA03B-6E9A-46DC-B979-B8C522269F15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94594B19-900E-4F56-BDB8-3C9681656C84\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.\"}, {\"lang\": \"es\", \"value\": \"El demonio pcs (pcsd) en PCS 0.9.137 y anteriores no establece el indicador de seguridad en una cookie de sesi\\u00f3n https, lo cual hace m\\u00e1s f\\u00e1cil a atacantes remotos capturar dicha cookie interceptando la transmisi\\u00f3n dentro de una sesi\\u00f3n http. NOTA: este problema ha sido dividido (SPLIT) por ADT2 debido a diferentes tipos de vulnerabilidad. CVE-2015-3983 es para el problema con no configurar el indicador HTTPOnly.\"}]",
"id": "CVE-2015-1848",
"lastModified": "2024-11-21T02:26:15.890",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-05-14T14:59:07.897",
"references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0980.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0990.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74623\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/attachment.cgi?id=1009855\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0980.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0990.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74623\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/attachment.cgi?id=1009855\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-1848\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-05-14T14:59:07.897\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.\"},{\"lang\":\"es\",\"value\":\"El demonio pcs (pcsd) en PCS 0.9.137 y anteriores no establece el indicador de seguridad en una cookie de sesi\u00f3n https, lo cual hace m\u00e1s f\u00e1cil a atacantes remotos capturar dicha cookie interceptando la transmisi\u00f3n dentro de una sesi\u00f3n http. NOTA: este problema ha sido dividido (SPLIT) por ADT2 debido a diferentes tipos de vulnerabilidad. CVE-2015-3983 es para el problema con no configurar el indicador HTTPOnly.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9.137\",\"matchCriteriaId\":\"E8A6579C-9633-4842-972F-4392053D9D73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ACB0BE-6736-4644-86B1-77AA9E5B8AEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F92715C0-6341-4617-9F61-C87907D1C3F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01885365-42EB-4519-B331-B30CE1D5968B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF7EA768-C917-4A14-B599-B8615A532B18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B284C97C-AEF7-4431-8A02-E0EA5B991FE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F66BE726-A258-42D7-B23A-925F50FDF449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC8BA03B-6E9A-46DC-B979-B8C522269F15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94594B19-900E-4F56-BDB8-3C9681656C84\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0980.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0990.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74623\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/attachment.cgi?id=1009855\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0980.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0990.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/attachment.cgi?id=1009855\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]}]}}"
}
}
GHSA-WQR4-6Q63-33FP
Vulnerability from github – Published: 2022-05-17 03:12 – Updated: 2022-05-17 03:12
VLAI?
Details
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
{
"affected": [],
"aliases": [
"CVE-2015-1848"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-05-14T14:59:00Z",
"severity": "MODERATE"
},
"details": "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.",
"id": "GHSA-wqr4-6q63-33fp",
"modified": "2022-05-17T03:12:23Z",
"published": "2022-05-17T03:12:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1848"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:0980"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:0990"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-1848"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0980.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0990.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74623"
}
],
"schema_version": "1.4.0",
"severity": []
}
CNVD-2015-03258
Vulnerability from cnvd - Published: 2015-05-21
VLAI Severity ?
Title
Red Hat PCS后台程序敏感cookie信息泄露漏洞
Description
Red Hat是一款基于linux内核的操作系统。
Red Hat PCS的PCSD后台程序未能正确设置https会话中cookie的安全标记,允许远程攻击者利用漏洞通过截获通信获取敏感信息。
Severity
中
Patch Name
Red Hat PCS后台程序敏感cookie信息泄露漏洞的补丁
Patch Description
Red Hat是一款基于linux内核的操作系统。
Red Hat PCS的PCSD后台程序未能正确设置https会话中cookie的安全标记,允许远程攻击者利用漏洞通过截获通信获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://rhn.redhat.com/errata/RHSA-2015-0990.html
Reference
https://bugzilla.redhat.com/attachment.cgi?id=1009855
Impacted products
| Name | Red Hat PCS 0.9.137 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-1848"
}
},
"description": "Red Hat\u662f\u4e00\u6b3e\u57fa\u4e8elinux\u5185\u6838\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nRed Hat PCS\u7684PCSD\u540e\u53f0\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u8bbe\u7f6ehttps\u4f1a\u8bdd\u4e2dcookie\u7684\u5b89\u5168\u6807\u8bb0\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u622a\u83b7\u901a\u4fe1\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Red Hat",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://rhn.redhat.com/errata/RHSA-2015-0990.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-03258",
"openTime": "2015-05-21",
"patchDescription": "Red Hat\u662f\u4e00\u6b3e\u57fa\u4e8elinux\u5185\u6838\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nRed Hat PCS\u7684PCSD\u540e\u53f0\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u8bbe\u7f6ehttps\u4f1a\u8bdd\u4e2dcookie\u7684\u5b89\u5168\u6807\u8bb0\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u622a\u83b7\u901a\u4fe1\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Red Hat PCS\u540e\u53f0\u7a0b\u5e8f\u654f\u611fcookie\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Red Hat PCS 0.9.137"
},
"referenceLink": "https://bugzilla.redhat.com/attachment.cgi?id=1009855",
"serverity": "\u4e2d",
"submitTime": "2015-05-19",
"title": "Red Hat PCS\u540e\u53f0\u7a0b\u5e8f\u654f\u611fcookie\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
RHSA-2015:0980
Vulnerability from csaf_redhat - Published: 2015-05-12 15:44 - Updated: 2025-11-21 17:52Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI.
(CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* Previously, the Corosync tool allowed the two_node option and the
auto_tie_breaker option to exist in the corosync.conf file at the same
time. As a consequence, if both options were included, auto_tie_breaker was
silently ignored and the two_node fence race decided which node would
survive in the event of a communication break. With this update, the pcs
daemon has been fixed so that it does not produce corosync.conf files with
both two_node and auto_tie_breaker included. In addition, if both two_node
and auto_tie_breaker are detected in corosync.conf, Corosync issues a
message at start-up and disables two_node mode. As a result,
auto_tie_breaker effectively overrides two_node mode if both options are
specified. (BZ#1205848)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI.\n(CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the Corosync tool allowed the two_node option and the\nauto_tie_breaker option to exist in the corosync.conf file at the same\ntime. As a consequence, if both options were included, auto_tie_breaker was\nsilently ignored and the two_node fence race decided which node would\nsurvive in the event of a communication break. With this update, the pcs\ndaemon has been fixed so that it does not produce corosync.conf files with\nboth two_node and auto_tie_breaker included. In addition, if both two_node\nand auto_tie_breaker are detected in corosync.conf, Corosync issues a\nmessage at start-up and disables two_node mode. As a result,\nauto_tie_breaker effectively overrides two_node mode if both options are\nspecified. (BZ#1205848)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0980",
"url": "https://access.redhat.com/errata/RHSA-2015:0980"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0980.json"
}
],
"title": "Red Hat Security Advisory: pcs security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T17:52:26+00:00",
"generator": {
"date": "2025-11-21T17:52:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:0980",
"initial_release_date": "2015-05-12T15:44:49+00:00",
"revision_history": [
{
"date": "2015-05-12T15:44:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-05-12T15:44:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:52:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"product": {
"name": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"product_id": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"product_id": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.137-13.el7_1.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"product": {
"name": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"product_id": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-clufter@0.9.137-13.el7_1.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.137-13.el7_1.2.src",
"product": {
"name": "pcs-0:0.9.137-13.el7_1.2.src",
"product_id": "pcs-0:0.9.137-13.el7_1.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.2.src",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.2.src",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tomas Jelinek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-1848",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2015-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208294"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: improper web session variable signing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1848"
},
{
"category": "external",
"summary": "RHBZ#1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1848"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1848",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1848"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-12T15:44:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0980"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: improper web session variable signing"
},
{
"acknowledgments": [
{
"names": [
"Tomas Jelinek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-3983",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2015-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208294"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: improper web session variable signing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3983"
},
{
"category": "external",
"summary": "RHBZ#1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3983",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3983"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-12T15:44:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0980"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: improper web session variable signing"
}
]
}
RHSA-2015:0990
Vulnerability from csaf_redhat - Published: 2015-05-12 17:59 - Updated: 2025-11-21 17:52Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI. Note: the
pcsd web UI is not enabled by default. (CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* When the IPv6 protocol was disabled on a system, starting the pcsd daemon
on this system previously failed. This update adds the ability for pcsd to
fall back to IPv4 when IPv6 is not available. As a result, pcsd starts
properly and uses IPv4 if IPv6 is disabled. (BZ#1212115)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI. Note: the\npcsd web UI is not enabled by default. (CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* When the IPv6 protocol was disabled on a system, starting the pcsd daemon\non this system previously failed. This update adds the ability for pcsd to\nfall back to IPv4 when IPv6 is not available. As a result, pcsd starts\nproperly and uses IPv4 if IPv6 is disabled. (BZ#1212115)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0990",
"url": "https://access.redhat.com/errata/RHSA-2015:0990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0990.json"
}
],
"title": "Red Hat Security Advisory: pcs security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T17:52:28+00:00",
"generator": {
"date": "2025-11-21T17:52:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:0990",
"initial_release_date": "2015-05-12T17:59:13+00:00",
"revision_history": [
{
"date": "2015-05-12T17:59:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-05-12T17:59:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:52:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"product": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"product_id": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.123-9.el6_6.2.i686",
"product": {
"name": "pcs-0:0.9.123-9.el6_6.2.i686",
"product_id": "pcs-0:0.9.123-9.el6_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.123-9.el6_6.2.src",
"product": {
"name": "pcs-0:0.9.123-9.el6_6.2.src",
"product_id": "pcs-0:0.9.123-9.el6_6.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"product_id": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"product": {
"name": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"product_id": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.i686",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.src",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686"
},
"product_reference": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.i686",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.src",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686"
},
"product_reference": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tomas Jelinek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-1848",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2015-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208294"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: improper web session variable signing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1848"
},
{
"category": "external",
"summary": "RHBZ#1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1848"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1848",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1848"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-12T17:59:13+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0990"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: improper web session variable signing"
},
{
"acknowledgments": [
{
"names": [
"Tomas Jelinek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-3983",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2015-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208294"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: improper web session variable signing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3983"
},
{
"category": "external",
"summary": "RHBZ#1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3983",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3983"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-12T17:59:13+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0990"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: improper web session variable signing"
}
]
}
RHSA-2015_0980
Vulnerability from csaf_redhat - Published: 2015-05-12 15:44 - Updated: 2024-11-22 09:06Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI.
(CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* Previously, the Corosync tool allowed the two_node option and the
auto_tie_breaker option to exist in the corosync.conf file at the same
time. As a consequence, if both options were included, auto_tie_breaker was
silently ignored and the two_node fence race decided which node would
survive in the event of a communication break. With this update, the pcs
daemon has been fixed so that it does not produce corosync.conf files with
both two_node and auto_tie_breaker included. In addition, if both two_node
and auto_tie_breaker are detected in corosync.conf, Corosync issues a
message at start-up and disables two_node mode. As a result,
auto_tie_breaker effectively overrides two_node mode if both options are
specified. (BZ#1205848)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI.\n(CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the Corosync tool allowed the two_node option and the\nauto_tie_breaker option to exist in the corosync.conf file at the same\ntime. As a consequence, if both options were included, auto_tie_breaker was\nsilently ignored and the two_node fence race decided which node would\nsurvive in the event of a communication break. With this update, the pcs\ndaemon has been fixed so that it does not produce corosync.conf files with\nboth two_node and auto_tie_breaker included. In addition, if both two_node\nand auto_tie_breaker are detected in corosync.conf, Corosync issues a\nmessage at start-up and disables two_node mode. As a result,\nauto_tie_breaker effectively overrides two_node mode if both options are\nspecified. (BZ#1205848)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0980",
"url": "https://access.redhat.com/errata/RHSA-2015:0980"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0980.json"
}
],
"title": "Red Hat Security Advisory: pcs security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T09:06:19+00:00",
"generator": {
"date": "2024-11-22T09:06:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:0980",
"initial_release_date": "2015-05-12T15:44:49+00:00",
"revision_history": [
{
"date": "2015-05-12T15:44:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-05-12T15:44:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:06:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"product": {
"name": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"product_id": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"product_id": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.137-13.el7_1.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"product": {
"name": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"product_id": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-clufter@0.9.137-13.el7_1.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.137-13.el7_1.2.src",
"product": {
"name": "pcs-0:0.9.137-13.el7_1.2.src",
"product_id": "pcs-0:0.9.137-13.el7_1.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.2.src",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.2.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.2.src",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-clufter-0:0.9.137-13.el7_1.2.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
},
"product_reference": "python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tomas Jelinek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-1848",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2015-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208294"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: improper web session variable signing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1848"
},
{
"category": "external",
"summary": "RHBZ#1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1848"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1848",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1848"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-12T15:44:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0980"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: improper web session variable signing"
},
{
"acknowledgments": [
{
"names": [
"Tomas Jelinek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-3983",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2015-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208294"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: improper web session variable signing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3983"
},
{
"category": "external",
"summary": "RHBZ#1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3983",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3983"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-12T15:44:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0980"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.2.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: improper web session variable signing"
}
]
}
RHSA-2015_0990
Vulnerability from csaf_redhat - Published: 2015-05-12 17:59 - Updated: 2024-11-22 09:06Summary
Red Hat Security Advisory: pcs security and bug fix update
Notes
Topic
Updated pcs packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.
It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI. Note: the
pcsd web UI is not enabled by default. (CVE-2015-1848)
This issue was discovered by Tomas Jelinek of Red Hat.
This update also fixes the following bug:
* When the IPv6 protocol was disabled on a system, starting the pcsd daemon
on this system previously failed. This update adds the ability for pcsd to
fall back to IPv4 when IPv6 is not available. As a result, pcsd starts
properly and uses IPv4 if IPv6 is disabled. (BZ#1212115)
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated pcs packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line tool and a web UI to configure and\nmanage the Pacemaker and Corosync tools.\n\nIt was found that the pcs daemon did not sign cookies containing session\ndata that were sent to clients connecting via the pcsd web UI. A remote\nattacker could use this flaw to forge cookies and bypass authorization\nchecks, possibly gaining elevated privileges in the pcsd web UI. Note: the\npcsd web UI is not enabled by default. (CVE-2015-1848)\n\nThis issue was discovered by Tomas Jelinek of Red Hat.\n\nThis update also fixes the following bug:\n\n* When the IPv6 protocol was disabled on a system, starting the pcsd daemon\non this system previously failed. This update adds the ability for pcsd to\nfall back to IPv4 when IPv6 is not available. As a result, pcsd starts\nproperly and uses IPv4 if IPv6 is disabled. (BZ#1212115)\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the pcsd daemon will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0990",
"url": "https://access.redhat.com/errata/RHSA-2015:0990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0990.json"
}
],
"title": "Red Hat Security Advisory: pcs security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T09:06:13+00:00",
"generator": {
"date": "2024-11-22T09:06:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:0990",
"initial_release_date": "2015-05-12T17:59:13+00:00",
"revision_history": [
{
"date": "2015-05-12T17:59:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-05-12T17:59:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:06:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"product": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"product_id": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.123-9.el6_6.2.i686",
"product": {
"name": "pcs-0:0.9.123-9.el6_6.2.i686",
"product_id": "pcs-0:0.9.123-9.el6_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.123-9.el6_6.2.src",
"product": {
"name": "pcs-0:0.9.123-9.el6_6.2.src",
"product_id": "pcs-0:0.9.123-9.el6_6.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"product_id": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.123-9.el6_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"product": {
"name": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"product_id": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.123-9.el6_6.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.i686",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.src",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686"
},
"product_reference": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"relates_to_product_reference": "6Server-HighAvailability-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.i686",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.src",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64"
},
"product_reference": "pcs-0:0.9.123-9.el6_6.2.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686"
},
"product_reference": "pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage-6.6.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tomas Jelinek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-1848",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2015-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208294"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: improper web session variable signing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1848"
},
{
"category": "external",
"summary": "RHBZ#1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1848"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1848",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1848"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-12T17:59:13+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0990"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: improper web session variable signing"
},
{
"acknowledgments": [
{
"names": [
"Tomas Jelinek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-3983",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2015-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208294"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: improper web session variable signing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3983"
},
{
"category": "external",
"summary": "RHBZ#1208294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208294"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3983",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3983"
}
],
"release_date": "2015-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-12T17:59:13+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0990"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-HighAvailability-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-HighAvailability-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.src",
"6Server-ResilientStorage-6.6.z:pcs-0:0.9.123-9.el6_6.2.x86_64",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.i686",
"6Server-ResilientStorage-6.6.z:pcs-debuginfo-0:0.9.123-9.el6_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: improper web session variable signing"
}
]
}
GSD-2015-1848
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-1848",
"description": "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.",
"id": "GSD-2015-1848",
"references": [
"https://www.suse.com/security/cve/CVE-2015-1848.html",
"https://access.redhat.com/errata/RHSA-2015:0990",
"https://access.redhat.com/errata/RHSA-2015:0980"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-1848"
],
"details": "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.",
"id": "GSD-2015-1848",
"modified": "2023-12-13T01:20:05.151258Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2015-0980.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0980.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2015-0990.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0990.html"
},
{
"name": "http://www.securityfocus.com/bid/74623",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/74623"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1009855",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.137",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1848"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0990",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0990.html"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1009855",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
},
{
"name": "RHSA-2015:0980",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0980.html"
},
{
"name": "74623",
"refsource": "BID",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/74623"
},
{
"name": "FEDORA-2015-8765",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html"
},
{
"name": "FEDORA-2015-8788",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html"
},
{
"name": "FEDORA-2015-8761",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-12T23:15Z",
"publishedDate": "2015-05-14T14:59Z"
}
}
}
FKIE_CVE-2015-1848
Vulnerability from fkie_nvd - Published: 2015-05-14 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedora:pacemaker_configuration_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8A6579C-9633-4842-972F-4392053D9D73",
"versionEndIncluding": "0.9.137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ACB0BE-6736-4644-86B1-77AA9E5B8AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F92715C0-6341-4617-9F61-C87907D1C3F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:6.6.z:*:*:*:*:*:*:*",
"matchCriteriaId": "01885365-42EB-4519-B331-B30CE1D5968B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7EA768-C917-4A14-B599-B8615A532B18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B284C97C-AEF7-4431-8A02-E0EA5B991FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F66BE726-A258-42D7-B23A-925F50FDF449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:6.6.z:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8BA03B-6E9A-46DC-B979-B8C522269F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_resilient_storage_eus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94594B19-900E-4F56-BDB8-3C9681656C84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag."
},
{
"lang": "es",
"value": "El demonio pcs (pcsd) en PCS 0.9.137 y anteriores no establece el indicador de seguridad en una cookie de sesi\u00f3n https, lo cual hace m\u00e1s f\u00e1cil a atacantes remotos capturar dicha cookie interceptando la transmisi\u00f3n dentro de una sesi\u00f3n http. NOTA: este problema ha sido dividido (SPLIT) por ADT2 debido a diferentes tipos de vulnerabilidad. CVE-2015-3983 es para el problema con no configurar el indicador HTTPOnly."
}
],
"id": "CVE-2015-1848",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-14T14:59:07.897",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0980.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0990.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/74623"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0990.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/74623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…