CVE-2010-3902
Published Oct 14, 2010
Last updated 14 years ago
Overview
- Description
- OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0726D7A0-1785-40E5-A0DF-83FB6DA75D77",
"versionEndIncluding": "2.25"
},
{
"criteria": "cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67DF6A41-F66A-4988-8852-08B0F8409185"
},
{
"criteria": "cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13B5B9C7-3D91-4A40-BEE2-F1BEF2857C4F"
},
{
"criteria": "cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFF4C32E-4053-4968-B2E7-C821908B3017"
},
{
"criteria": "cpe:2.3:a:infradead:openconnect:1.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92A36920-3A90-4369-A8F4-515C423BE938"
},
{
"criteria": "cpe:2.3:a:infradead:openconnect:2.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3192A04-7811-4688-BF1E-4B6FA91D83D5"
}
],
"operator": "OR"
}
]
}
]