ID CVE-2014-0152
Summary Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:ovirt:ovirt:-:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.0.0_0001:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.2.0-4:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.2.1-1:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3:beta1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.1:beta1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.2:beta1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.2:rc:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.3:beta1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.4:beta1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.3.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.4.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.4.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.4.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.4.0:rc:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:ovirt:ovirt:3.4.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ovirt-engine:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ovirt-engine:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ovirt-engine:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ovirt-engine:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ovirt-engine:3.3.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ovirt-engine:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ovirt-engine:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ovirt-engine:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc1:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 13-02-2023 - 00:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
rpms
  • rhevm-0:3.4.0-0.21.el6ev
  • rhevm-backend-0:3.4.0-0.21.el6ev
  • rhevm-dbscripts-0:3.4.0-0.21.el6ev
  • rhevm-lib-0:3.4.0-0.21.el6ev
  • rhevm-restapi-0:3.4.0-0.21.el6ev
  • rhevm-setup-0:3.4.0-0.21.el6ev
  • rhevm-setup-base-0:3.4.0-0.21.el6ev
  • rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev
  • rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev
  • rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev
  • rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev
  • rhevm-tools-0:3.4.0-0.21.el6ev
  • rhevm-userportal-0:3.4.0-0.21.el6ev
  • rhevm-webadmin-portal-0:3.4.0-0.21.el6ev
  • rhevm-websocket-proxy-0:3.4.0-0.21.el6ev
refmap via4
confirm
Last major update 13-02-2023 - 00:33
Published 08-09-2014 - 14:55
Last modified 13-02-2023 - 00:33