Vulnerability in Novell Suse_linux

CVE-2010-1507

WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this…

EPSS: 0.001 (34.5th percentile) — read the EPSS interpretation.

Affected products

Novell Suse_linux — versions 11
Novell Webyast_appliance
N/a — versions n/a

Weakness classification (CWE)

CWE-255

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
42128 (vdb-entry, x_refsource_BID)
SUSE-SR:2010:014 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM)