What is the severity of CVE-2015-3155?

CVE-2015-3155 is classified as a medium severity vulnerability.

How do I fix CVE-2015-3155?

To fix CVE-2015-3155, upgrade Foreman to version 1.8.1 or later to ensure the _session_id cookie is set with the secure flag.

What kind of attack does CVE-2015-3155 enable?

CVE-2015-3155 enables remote attackers to capture the _session_id cookie through man-in-the-middle attacks.

Which versions of Foreman are affected by CVE-2015-3155?

Foreman versions up to and including 1.8.0 are affected by CVE-2015-3155.

Is CVE-2015-3155 related to cookie security?

Yes, CVE-2015-3155 specifically relates to the lack of a secure flag on the _session_id cookie, compromising its security during transmission.

Vulnerability/
CVE-2015-3155

medium

CWE

284

28/4/2015

14/8/2015

6/8/2024

CVE-2015-3155

First published: Tue Apr 28 2015(Updated: )

Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
TheForeman Foreman	<=1.8.0

Remedy

https://github.com/theforeman/foreman/pull/2328

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-3155?
CVE-2015-3155 is classified as a medium severity vulnerability.
How do I fix CVE-2015-3155?
To fix CVE-2015-3155, upgrade Foreman to version 1.8.1 or later to ensure the _session_id cookie is set with the secure flag.
What kind of attack does CVE-2015-3155 enable?
CVE-2015-3155 enables remote attackers to capture the _session_id cookie through man-in-the-middle attacks.
Which versions of Foreman are affected by CVE-2015-3155?
Foreman versions up to and including 1.8.0 are affected by CVE-2015-3155.
Is CVE-2015-3155 related to cookie security?
Yes, CVE-2015-3155 specifically relates to the lack of a secure flag on the _session_id cookie, compromising its security during transmission.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2015-3155
agent/references
collector/mitre-cve
source/MITRE
agent/remedy
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/theforeman
canonical/theforeman foreman
version/theforeman foreman/1.8.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2015-3155?
CVE-2015-3155 is classified as a medium severity vulnerability.
How do I fix CVE-2015-3155?
To fix CVE-2015-3155, upgrade Foreman to version 1.8.1 or later to ensure the _session_id cookie is set with the secure flag.
What kind of attack does CVE-2015-3155 enable?
CVE-2015-3155 enables remote attackers to capture the _session_id cookie through man-in-the-middle attacks.
Which versions of Foreman are affected by CVE-2015-3155?
Foreman versions up to and including 1.8.0 are affected by CVE-2015-3155.
Is CVE-2015-3155 related to cookie security?
Yes, CVE-2015-3155 specifically relates to the lack of a secure flag on the _session_id cookie, compromising its security during transmission.