CVE-2016-0721
published 2017-04-21
CVE-2016-0721: Session fixation vulnerability in pcsd in pcs before 0.9.157.
Priority P335 · high · 8.1 · CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 2.29% (81.1th percentile)
Session fixation vulnerability in pcsd in pcs before 0.9.157.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clusterlabs | pcs | <= 0.9.156 | — |
| clusterlabs | pcs | >= 0 < 0.9.149-1 | 0.9.149-1 |
| clusterlabs | pcs | >= 0 < 0.9.149-1 | 0.9.149-1 |
| clusterlabs | pcs | >= 0 < 0.9.149-1 | 0.9.149-1 |
| clusterlabs | pcs | >= 0 < 0.9.149-1 | 0.9.149-1 |
| debian | pcs | < pcs 0.9.149-1 (bookworm) | pcs 0.9.149-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
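| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 8.1 | HIGH | — |
| vendor_debian | — | 8.1 | HIGH | — |
| vendor_redhat | — | 8.1 | HIGH | — |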
GHSA
GHSA-25mh-8263-4259: Session fixation vulnerability in pcsd in pcs before 0
ghsa_unreviewed·2022-05-17
CVE-2016-0721 [HIGH] CWE-384 GHSA-25mh-8263-4259: Session fixation vulnerability in pcsd in pcs before 0
Session fixation vulnerability in pcsd in pcs before 0.9.157.
OSV
CVE-2016-0721: Session fixation vulnerability in pcsd in pcs before 0
osv·2017-04-21·CVSS 8.1
CVE-2016-0721 [HIGH] CVE-2016-0721: Session fixation vulnerability in pcsd in pcs before 0
Session fixation vulnerability in pcsd in pcs before 0.9.157.
Red Hat
pcs: cookies are not invalidated upon logout
vendor_redhat·2016-02-16·CVSS 8.1
CVE-2016-0721 [HIGH] CWE-613 pcs: cookies are not invalidated upon logout
pcs: cookies are not invalidated upon logout
Session fixation vulnerability in pcsd in pcs before 0.9.157.
It was found that pcsd did not invalidate cookies on the server side when a user logged out. This could potentially allow an attacker to perform session fixation attacks on pcsd.
Statement: This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, as the web UI functionality is disabled by default in pcsd.
Package: pcs (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2016-0721: pcs - Session fixation vulnerability in pcsd in pcs before 0.9.157.
vendor_debian·2016·CVSS 8.1
CVE-2016-0721 [HIGH] CVE-2016-0721: pcs - Session fixation vulnerability in pcsd in pcs before 0.9.157.
Session fixation vulnerability in pcsd in pcs before 0.9.157.
Scope: local
bookworm: resolved (fixed in 0.9.149-1)
bullseye: resolved (fixed in 0.9.149-1)
forky: resolved (fixed in 0.9.149-1)
sid: resolved (fixed in 0.9.149-1)
trixie: resolved (fixed in 0.9.149-1)
No detection rules found.
Metasploit
Microsoft Exchange ProxyLogon Collector
metasploit·CVSS 9.8
CVE-2021-26855 [CRITICAL] Microsoft Exchange ProxyLogon Collector
Microsoft Exchange ProxyLogon Collector
This module exploits a vulnerability in Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855). By taking advantage of this vulnerability, it is possible to dump all mailboxes (emails, attachments, contacts, ...). This vulnerability affects Exchange 2013 versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013 and Exchange 2019 CU8 < 15.02.0792.010. All components are vulnerable by default.
Metasploit
Microsoft Exchange ProxyLogon Scanner
metasploit·CVSS 9.8
CVE-2021-26855 [CRITICAL] Microsoft Exchange ProxyLogon Scanner
Microsoft Exchange ProxyLogon Scanner
This module scans for a vulnerability in Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855). By chaining this bug with another post-auth arbitrary-file-write vulnerability (CVE-2021-27065), an unauthenticated attacker can get code execution and execute arbitrary commands on Microsoft Exchange Server. This vulnerability affects Exchange 2013 versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013 and Exchange 2019 CU8 < 15.02.0792.010. All components are vulnerable by default.
Metasploit
Microsoft Exchange ProxyLogon RCE
metasploit·CVSS 9.8
CVE-2021-26855 [CRITICAL] Microsoft Exchange ProxyLogon RCE
Microsoft Exchange ProxyLogon RCE
This module exploits a vulnerability in Microsoft Exchange Server that allows an attacker to bypass authentication, impersonate the admin (CVE-2021-26855) and write an arbitrary file (CVE-2021-27065) to get RCE (Remote Code Execution). By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange 2013 versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013 and Exchange 2019 CU8 < 15.02.0792.010. All components are vulnerable by default.
Bugzilla
CVE-2016-0720 CVE-2016-0721 pcs: various flaws [fedora-all]
bugzilla·2016-02-16·CVSS 8.8
CVE-2016-0720 [HIGH] CVE-2016-0720 CVE-2016-0721 pcs: various flaws [fedora-all]
CVE-2016-0720 CVE-2016-0721 pcs: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
Bugzilla
CVE-2016-0721 pcs: cookies are not invalidated upon logout
bugzilla·2016-01-18·CVSS 8.1
CVE-2016-0721 [HIGH] CVE-2016-0721 pcs: cookies are not invalidated upon logout
CVE-2016-0721 pcs: cookies are not invalidated upon logout
The session cookie is not invalidated on the server side when logging out of the web UI. It is invalidated in the browser's cookie cache but it still works on requests sent by hand.
The cookie is also not invalidated when that same user logs in again, meaning all cookies are stored in a pool of valid sessions that are only invalidated when the cookies expire (1 day).
This can allow attackers to perform session fixation attacks.
Discussion:
Acknowledgements:
Name: Martin Prpic (Red Hat Product Security)
---
Statement:
This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, as the web UI functionality is disabled by default in pcsd.
---
Upstream patches:
https://github.com/feis
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178261.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178384.html
http://rhn.redhat.com/errata/RHSA-2016-2596.html
http://www.securityfocus.com/bid/97977
https://bugzilla.redhat.com/show_bug.cgi?id=1299615
https://github.com/ClusterLabs/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17
https://github.com/ClusterLabs/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774
https://github.com/ClusterLabs/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b
2017-04-21
Published