Posted to commits@guacamole.apache.org by mj...@apache.org on 2019/01/23 22:52:55 UTC
[guacamole-website] branch asf-site updated: Deploy documentation of CVE-2018-1340.
This is an automated email from the ASF dual-hosted git repository.
mjumper pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/guacamole-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 33c637f Deploy documentation of CVE-2018-1340.
33c637f is described below
commit 33c637fe777cb8dd81c84ddfd598251a8a6bf799
Author: Michael Jumper <mj...@apache.org>
AuthorDate: Wed Jan 23 14:52:25 2019 -0800
Deploy documentation of CVE-2018-1340.
---
content/security/index.html | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/content/security/index.html b/content/security/index.html
index a742e34..5eec905 100644
--- a/content/security/index.html
+++ b/content/security/index.html
@@ -421,6 +421,28 @@ mailing list of the <a href="https://www.apache.org/security/">ASF Security Team
the <a href="mailto:security@guacamole.apache.org">security@guacamole.apache.org</a> mailing list, before disclosing or
discussing the issue in a public forum.</p>
+<h2 id="fixed-in-apache-guacamole-100">Fixed in Apache Guacamole 1.0.0</h2>
+
+<ul>
+
+
+ <li>
+ <h3 id="CVE-2018-1340">
+ Secure flag missing from session cookie
+ (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1340">CVE-2018-1340</a>)
+ </h3>
+ <p>Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the
+user’s session token. This cookie lacked the “secure” flag, which could allow
+an attacker eavesdropping on the network to intercept the user’s session token
+if unencrypted HTTP requests are made to the same domain.</p>
+
+<p>Acknowledgements: We would like to thank Ross Golder for reporting this issue.</p>
+
+
+ </li>
+
+</ul>
+
<h2 id="fixed-in-apache-guacamole-0911-incubating">Fixed in Apache Guacamole 0.9.11-incubating</h2>
<ul>
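Review bot: The CVE-2018-1340 paragraph in the new `<li>` describes the exposure ("This cookie lacked the “secure” flag") but never says what changed in 1.0.0 or what a reader on an earlier release should do; only the enclosing heading "Fixed in Apache Guacamole 1.0.0" implies the remedy. Consider adding one sentence that states the fix and names upgrading to 1.0.0 as the remediation, so the entry stands on its own when someone lands on it through the `#CVE-2018-1340` anchor. Two smaller points: the tense shifts inside the sentence ("could allow ... if unencrypted HTTP requests are made"), and the added block carries runs of consecutive blank lines inside the `<ul>` and `<li>` that could be trimmed if this file is hand-edited rather than generated output.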