CVE-2014-0090

Foreman <1.4.2 - Info Disclosure

Title source: llm

Description

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

References (3)

[Vendor Advisory] http://theforeman.org/security.html

[Issue Tracking] http://projects.theforeman.org/issues/4457

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1072151

Scores

EPSS 0.0056

EPSS Percentile 67.9%

Classification

CWE

CWE-287

Status draft

Affected Products (10)

theforeman/foreman < 1.4.1

theforeman/foreman

theforeman/foreman

theforeman/foreman

theforeman/foreman

theforeman/foreman

theforeman/foreman

theforeman/foreman

theforeman/foreman

theforeman/foreman

Timeline

Published May 08, 2014

Tracked Since Feb 18, 2026