Description
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.
Remediation
References
http://www.securityfocus.com/bid/106768
https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E