CVE-2016-0721

CWE-384 CWE-613 — Insufficient Session Expiration11 documents8 sources

Severity

8.1HIGH

EPSS

0.4%

top 36.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clusterlabs PCS Fedoraproject Fedora Redhat Enterprise Linux

Timeline

PublishedApr 21

Latest updateMay 17

Description

Session fixation vulnerability in pcsd in pcs before 0.9.157.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶Debianpcs< 0.9.149-1+3

▶NVDclusterlabs/pcs0.9.156

Also affects: Fedora 22, 23, Enterprise Linux 7.0

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-25mh-8263-4259: Session fixation vulnerability in pcsd in pcs before 0↗2022-05-17

▶

CVEList

CVE-2016-0721: Session fixation vulnerability in pcsd in pcs before 0↗2017-04-21

▶

OSV

CVE-2016-0721: Session fixation vulnerability in pcsd in pcs before 0↗2017-04-21

▶

💥Exploits & PoCs

Metasploit

Microsoft Exchange ProxyLogon Collector↗

▶

Metasploit

Microsoft Exchange ProxyLogon Scanner↗

▶

Metasploit

Microsoft Exchange ProxyLogon RCE↗

▶

📋Vendor Advisories

Red Hat

pcs: cookies are not invalidated upon logout↗2016-02-16

▶

Debian

CVE-2016-0721: pcs - Session fixation vulnerability in pcsd in pcs before 0.9.157.↗2016

▶

💬Community

Bugzilla

CVE-2016-0720 CVE-2016-0721 pcs: various flaws [fedora-all]↗2016-02-16

▶

Bugzilla

CVE-2016-0721 pcs: cookies are not invalidated upon logout↗2016-01-18

▶