ID CVE-2010-1507
Summary WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
References
Vulnerable Configurations
  • cpe:2.3:o:novell:suse_linux:11:-:enterprise:*:*:*:*:*
  • cpe:2.3:h:novell:webyast_appliance:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 06-09-2010 - 04:00)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 42128
confirm
suse SUSE-SR:2010:014
Last major update 06-09-2010 - 04:00
Published 03-09-2010 - 20:00
Last modified 06-09-2010 - 04:00