Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3014

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-3014
Last Modified 06 Sep 2011 11:18:06
Published 09 Aug 2011 06:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3014

Summary

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.

Vulnerable Systems

Application

  • Novell Data Synchronizer 1.0.0

  • Novell Data Synchronizer 1.1.0

  • Novell Data Synchronizer 1.1.1

  • Novell Data Synchronizer 1.1.2

  • Novell Mobility Pack 1.0

  • Novell Mobility Pack 1.1

  • Novell Mobility Pack 1.1.1

  • Novell Mobility Pack 1.1.2


References

XF - novell-data-mobility-info-disclosure(69167)

CONFIRM - http://www.novell.com/support/viewContent.do?externalId=7009057


Last Updated: 27 May 2016 10:57:14