CVE-2010-3902

Sažetak

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html
http://secunia.com/advisories/42381
http://www.infradead.org/openconnect.html
http://www.securityfocus.com/bid/44111
http://www.vupen.com/english/advisories/2010/3078

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-04-2011 - 03:29

Objavljeno

14-10-2010 - 05:58