CVE-2016-6338
First published: Tue Aug 23 2016(Updated: )
Greg Sheremeta of Red Hat reports: We've found a scenario a webadmin session won't timeout and force a logout. We had a CVE on this before. To duplicate: navigate to the Data Centers tab. Select a data center. Switch to another browser tab and wait longer than the engine timeout period [1] to switch back to webadmin. You won't be logged out -- even though you should be. Basically, idling while certain things in the UI are selected (a data center, a cluster -- maybe others?) will prevent the session from timing out. We see three gluster queries that are repeating and keeping the session open. Alexander is looking for others. We know the fix -- just have to find them all.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Virtualization | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-6338
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat enterprise virtualization
- version/redhat enterprise virtualization/4.0