Summary: | CVE-2013-7436 novnc: session hijack through insecurely set session token cookies | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abaron, acathrow, apevec, apevec, bmcclain, chrisw, dallan, eglynn, gkotton, gmollett, idith, jose.castro.leon, lhh, lpeer, lsurette, markmc, michal.skrivanek, paul, p, rbryant, sclewis, srevivo, stirabos, ykaul |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | noVNC 0.5.1 | Doc Type: | Bug Fix |
Doc Text: |
It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-20 10:50:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Bug Depends On: | 1193245, 1193454, 1203013, 1203014, 1203015, 1203016 | ||
Bug Blocks: | 1193452 |
Description
Vasyl Kaigorodov
2015-02-17 11:26:21 UTC
Created novnc tracking bugs for this issue: Affects: epel-all [bug 1193454] Does the post to oss-security need a bump? Nobody seems to have assigned a CVE for this issue... novnc-0.5.1-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. novnc-0.5.1-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. It looks noVNC and SPICE-HTML5 in oVirt/RHEV-M is unaffected by this CVE (we don't use cookies). Unless you've explicitly disabled setting the cookie by modifying the source code, noVNC sets one. You're probably still vulnerable. Log into a terminal and check the cookies, if you see an insecure cookie with a token in it, you've got the problem. This issue has been addressed in the following products: OpenStack 6 for RHEL 7 Via RHSA-2015:0788 https://rhn.redhat.com/errata/RHSA-2015-0788.html This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2015:0834 https://rhn.redhat.com/errata/RHSA-2015-0834.html This issue has been addressed in the following products: OpenStack 5 for RHEL 6 Via RHSA-2015:0833 https://rhn.redhat.com/errata/RHSA-2015-0833.html This issue has been addressed in the following products: OpenStack 4 for RHEL 6 Via RHSA-2015:0884 https://rhn.redhat.com/errata/RHSA-2015-0884.html |