CWE
284
Advisory Published
CVE Published
Updated

CVE-2016-6338

First published: Tue Aug 23 2016(Updated: )

Greg Sheremeta of Red Hat reports: We've found a scenario a webadmin session won't timeout and force a logout. We had a CVE on this before. To duplicate: navigate to the Data Centers tab. Select a data center. Switch to another browser tab and wait longer than the engine timeout period [1] to switch back to webadmin. You won't be logged out -- even though you should be. Basically, idling while certain things in the UI are selected (a data center, a cluster -- maybe others?) will prevent the session from timing out. We see three gluster queries that are repeating and keeping the session open. Alexander is looking for others. We know the fix -- just have to find them all.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Redhat Enterprise Virtualization=4.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203