Описание
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:novell:suse_linux:11:-:enterprise:*:*:*:*:*
cpe:2.3:h:novell:webyast_appliance:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00195
Низкий
5 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
EPSS
Процентиль: 42%
0.00195
Низкий
5 Medium
CVSS2
Дефекты
CWE-255