5
CVE-2010-3902
- EPSS 2.26%
- Veröffentlicht 14.10.2010 05:58:42
- Zuletzt bearbeitet 16.06.2026 23:23:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Infradead ≫ Openconnect Version <= 2.25
Infradead ≫ Openconnect Version1.00
Infradead ≫ Openconnect Version1.10
Infradead ≫ Openconnect Version1.20
Infradead ≫ Openconnect Version1.30
Infradead ≫ Openconnect Version2.22
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.26% | 0.807 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.infradead.org/openconnect.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html
http://secunia.com/advisories/42381
http://www.securityfocus.com/bid/44111
http://www.vupen.com/english/advisories/2010/3078