CVE-2010-3902
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
14/10/2010
Last modified:
11/04/2025
Description
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:* | 2.25 (including) | |
| cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:infradead:openconnect:1.30:*:*:*:*:*:*:* | ||
| cpe:2.3:a:infradead:openconnect:2.22:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html
- http://secunia.com/advisories/42381
- http://www.infradead.org/openconnect.html
- http://www.securityfocus.com/bid/44111
- http://www.vupen.com/english/advisories/2010/3078
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html
- http://secunia.com/advisories/42381
- http://www.infradead.org/openconnect.html
- http://www.securityfocus.com/bid/44111
- http://www.vupen.com/english/advisories/2010/3078