CVE-2018-1340

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Guacamole
Vendor: CVE Published:; 7 February 2019

Summary

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.

Affected Version(s)

Apache Guacamole Apache Guacamole 0.9.4 to 0.9.14

References

https://lists.apache.org/thread.html/af1632e13dd9acf75375...

x_refsource_MISC

http://www.securityfocus.com/bid/106768

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2019
Vulnerability Reserved
Dec 7, 2017