Lucene search

K
cvelistApacheCVELIST:CVE-2018-1340
HistoryJan 23, 2019 - 12:00 a.m.

CVE-2018-1340

2019-01-2300:00:00
apache
www.cve.org

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user’s session token. This cookie lacked the “secure” flag, which could allow an attacker eavesdropping on the network to intercept the user’s session token if unencrypted HTTP requests are made to the same domain.

CNA Affected

[
  {
    "product": "Apache Guacamole",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Guacamole 0.9.4 to 0.9.14"
      }
    ]
  }
]

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%