Foreman · Foreman · CVE-2015-3155
**Name of the Vulnerable Software and Affected Versions**
Foreman versions prior to 1.8.1
**Description**
The issue makes it easier for remote attackers to capture the ` session id` cookie by intercepting its transmission within an http session, as the secure flag is not set for this cookie in an https session.
**Recommendations**
For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue.