CVE-2010-3902: Infoleak
First published: Tue Oct 12 2010(Updated: )
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| infradead OpenConnect | <=2.25 | |
| infradead OpenConnect | =1.00 | |
| infradead OpenConnect | =1.10 | |
| infradead OpenConnect | =1.20 | |
| infradead OpenConnect | =1.30 | |
| infradead OpenConnect | =2.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.infradead.org/openconnect.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html
- http://secunia.com/advisories/42381
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html
- http://www.securityfocus.com/bid/44111
- http://www.vupen.com/english/advisories/2010/3078
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/infradead
- canonical/infradead openconnect
- version/infradead openconnect/2.25
- version/infradead openconnect/1.00
- version/infradead openconnect/1.10
- version/infradead openconnect/1.20
- version/infradead openconnect/1.30
- version/infradead openconnect/2.22