Vulnerability Description
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Infradead | Openconnect | <= 2.25 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.h
- http://secunia.com/advisories/42381
- http://www.infradead.org/openconnect.html
- http://www.securityfocus.com/bid/44111
- http://www.vupen.com/english/advisories/2010/3078
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.h
- http://secunia.com/advisories/42381
- http://www.infradead.org/openconnect.html
- http://www.securityfocus.com/bid/44111
- http://www.vupen.com/english/advisories/2010/3078
FAQ
What is CVE-2010-3902?
CVE-2010-3902 is a vulnerability with a CVSS score of 5.0 (MEDIUM). OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output pos...
How severe is CVE-2010-3902?
CVE-2010-3902 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3902?
Check the references section above for vendor advisories and patch information. Affected products include: Infradead Openconnect.