CVE-2010-3902

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
infradeadopenconnect
𝑥
≤ 2.25
infradeadopenconnect
1.00
infradeadopenconnect
1.10
infradeadopenconnect
1.20
infradeadopenconnect
1.30
infradeadopenconnect
2.22
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openconnect
bullseye
8.10-2
fixed
bookworm
9.01-3
fixed
sid
9.12-3
fixed
trixie
9.12-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openconnect
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
ignored
maverick
ignored
lucid
ignored
karmic
ignored
jaunty
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html
http://secunia.com/advisories/42381
http://www.infradead.org/openconnect.html
http://www.securityfocus.com/bid/44111
http://www.vupen.com/english/advisories/2010/3078
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html
http://secunia.com/advisories/42381
http://www.infradead.org/openconnect.html
http://www.securityfocus.com/bid/44111
http://www.vupen.com/english/advisories/2010/3078