Lucene search

K
cve[email protected]CVE-2010-3902
HistoryOct 14, 2010 - 5:58 a.m.

CVE-2010-3902

2010-10-1405:58:42
CWE-200
web.nvd.nist.gov
29
openconnect
cve-2010-3902
webvpn
cookie
vulnerability
debugging output
remote attackers
sensitive information
openconnect-devel mailing list

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.3%

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.

Affected configurations

NVD
Node
infradeadopenconnectRange2.25
OR
infradeadopenconnectMatch1.00
OR
infradeadopenconnectMatch1.10
OR
infradeadopenconnectMatch1.20
OR
infradeadopenconnectMatch1.30
OR
infradeadopenconnectMatch2.22

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.3%