Skip to main content

Pacemaker Configuration System

2 CVEs product

Monthly

CVE-2015-3983 MEDIUM This Month

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pacemaker Configuration System
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-1848 MEDIUM POC This Month

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Pacemaker Configuration System Enterprise Linux High Availability Enterprise Linux High Availability Eus Enterprise Linux Resilient Storage +1
NVD
CVSS 2.0
6.8
EPSS
1.2%
EPSS 1% CVSS 4.3
MEDIUM This Month

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pacemaker Configuration System
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Pacemaker Configuration System Enterprise Linux High Availability +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy