Vulnerability Details CVE-2010-1507
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://support.novell.com/security/cve/CVE-2010-1507.html
- http://www.securityfocus.com/bid/42128
- https://bugzilla.novell.com/show_bug.cgi?id=591345
- https://bugzilla.novell.com/show_bug.cgi?id=598834
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://support.novell.com/security/cve/CVE-2010-1507.html
- http://www.securityfocus.com/bid/42128
- https://bugzilla.novell.com/show_bug.cgi?id=591345
- https://bugzilla.novell.com/show_bug.cgi?id=598834
Products affected by CVE-2010-1507
-
cpe:2.3:h:novell:webyast_appliance:*
-
cpe:2.3:o:novell:suse_linux:11