5
CVE-2010-1507
- EPSS 2.12%
- Veröffentlicht 03.09.2010 20:00:01
- Zuletzt bearbeitet 16.06.2026 23:18:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Novell ≫ Suse Linux Version11 Update- Editionenterprise
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.12% | 0.796 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://support.novell.com/security/cve/CVE-2010-1507.html
http://www.securityfocus.com/bid/42128
https://bugzilla.novell.com/show_bug.cgi?id=591345
https://bugzilla.novell.com/show_bug.cgi?id=598834