Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0090

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-0090
Last Modified 09 May 2014 10:50:06
Published 08 May 2014 10:29:12
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0090

Summary

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

Vulnerable Systems

Application

  • Theforeman Foreman 1.0

  • Theforeman Foreman 1.1

  • Theforeman Foreman 1.2.0

  • Theforeman Foreman 1.2.1

  • Theforeman Foreman 1.2.2

  • Theforeman Foreman 1.2.3

  • Theforeman Foreman 1.4.0

  • Theforeman Foreman 1.4.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1072151

CONFIRM - http://theforeman.org/security.html

CONFIRM - http://projects.theforeman.org/issues/4457


Last Updated: 27 May 2016 11:05:13