|CVSS SCORE||6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)|
The specific flaw exists within Rtrlet.class. By sending a POST request with the maintenance variable set to "ShowLogins" the applet returns information about the logged in users. An attacker can leverage this to leak the Session ID's of the logged in users.
Novell has issued an update to correct this vulnerability. More details can be found at: