Base Score

HIGH8.1

CVE-2016-0721

Session fixation vulnerability in pcsd in pcs before 0.9.157.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateApr 21, 2017, 15:59

Weakness Type (CWE):CWE-384

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178261.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178384.html
http://rhn.redhat.com/errata/RHSA-2016-2596.html
http://www.securityfocus.com/bid/97977
https://bugzilla.redhat.com/show_bug.cgi?id=1299615
https://github.com/ClusterLabs/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17
https://github.com/ClusterLabs/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774
https://github.com/ClusterLabs/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b

Base Score

HIGH8.1

Weakness Type (CWE):CWE-384

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE