Common Vulnerabilities and Exposures


Upstream information

CVE-2010-1507 at MITRE


WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.

CVSS v2 Scores (National Vulnerability Database)

Base Score:              4.96
Vector:                  AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector:           Network
Access Complexity:       Low
Authentication:          None
Confidentiality Impact:  Partial
Integrity Impact:        None
Availability Impact:     None

SUSE information

SUSE Bugzilla entries: 591345 [RESOLVED / FIXED], 598834 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s): SUSE Webyast
Fixed package version(s):
  • yast2-webclient-patch_updates >= 0.0.11-0.1.1
  • yast2-webservice >= 0.0.22-0.1.1
  • yast2-webservice-patches >= 0.0.12-0.1.1
References: SAT Patch Nr: 2616

Product(s): SUSE Webyast
Fixed package version(s):
  • yast2-webclient >= 0.0.31-0.1.1
References: SAT Patch Nr: 2408