CVE-2018-1340 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2018-1340?

CVE-2018-1340 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1340?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Guacamole.

Vulnerability Description

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Guacamole	<= 0.9.14

Related Weaknesses (CWE)

CWE-311

References

http://www.securityfocus.com/bid/106768Third Party Advisory
https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9
http://www.securityfocus.com/bid/106768Third Party Advisory
https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9

FAQ

What is CVE-2018-1340?

CVE-2018-1340 is a vulnerability with a CVSS score of 7.5 (HIGH). Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to ...

How severe is CVE-2018-1340?

CVE-2018-1340 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1340?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Guacamole.