CVE-2018-1340
Description
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the users session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the users session token if unencrypted HTTP requests are made to the same domain.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.633
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-1340 are fixed in Apache-guacamole-common 1.0.0 | Windows |
| Vulnerabilities CVE-2018-1340 are fixed in Apache-guacamole-common for Linux 1.0.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234