CVE-2013-4964
Publication date 20 August 2013
Last updated 24 July 2024
Ubuntu priority
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Status
Package | Ubuntu Release | Status |
---|---|---|
puppet | 13.04 raring |
Not affected
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Not affected
|
|
10.04 LTS lucid | Ignored end of life |