Security Advisory

CVE-2015-3155

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-08-14 18:00:00

Last updated 2024-08-06 05:39:31

Assigner redhat

State PUBLISHED

Description

Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

← Browse all CVEs View on cve.org ↗