Description
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.
Remediation
References
http://www.securityfocus.com/bid/106768
https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E
Related Vulnerabilities
CVE-2017-16119 Vulnerability in maven package org.webjars.npm:fresh
CVE-2019-14772 Vulnerability in npm package verdaccio
CVE-2017-7656 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2021-41184 Vulnerability in maven package org.webjars:jquery-ui
CVE-2023-3691 Vulnerability in maven package org.webjars:layui