CVE-2018-1340
First published: Thu Feb 07 2019(Updated: )
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Guacamole | <=0.9.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1340?
CVE-2018-1340 is a vulnerability in Apache Guacamole prior to version 1.0.0 that allowed an attacker to intercept a user's session token if unencrypted HTTP requests are made to the same domain.
What is the severity of CVE-2018-1340?
CVE-2018-1340 has a severity rating of 7.5 (high).
How does CVE-2018-1340 affect Apache Guacamole?
CVE-2018-1340 affects Apache Guacamole versions up to and including 0.9.14.
How can an attacker exploit CVE-2018-1340?
An attacker can exploit CVE-2018-1340 by eavesdropping on the network and intercepting the user's session token if unencrypted HTTP requests are made to the same domain.
How can I fix CVE-2018-1340 in Apache Guacamole?
To fix CVE-2018-1340, upgrade Apache Guacamole to version 1.0.0 or higher.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/tags
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache guacamole
- version/apache guacamole/0.9.14