CVE-2010-3902
EPSS 0.56%
Description
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
How to fix CVE-2010-3902
To remediate CVE-2010-3902, upgrade the affected package to a fixed version below.
- Debian/openconnect—upgrade to 3.02-1 or later
Is CVE-2010-3902 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.02-1