| Vulnerability Name: | CVE-2011-3014 (CCN-69167) | ||||||||
| Assigned: | 2011-08-05 | ||||||||
| Published: | 2011-08-05 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2011-3014 Source: CCN Type: Novell Document ID: 7009057 Cacheable HTTPS Response Source: CONFIRM Type: Vendor Advisory http://www.novell.com/support/viewContent.do?externalId=7009057 Source: CCN Type: OSVDB ID: 74524 Novell Data Synchronizer Mobility Pack HTTPS Response Caching Restriction Weakness Information Disclosure Source: XF Type: UNKNOWN novell-data-mobility-info-disclosure(69167) Source: XF Type: UNKNOWN novell-data-mobility-info-disclosure(69167) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||