Lucene search
+L

27 matches found

Debian CVE
Debian CVE
added 2024/12/02 5:10 p.m.16 views

CVE-2024-53990

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...

9.2CVSS7.9AI score0.00587EPSS
Exploits0
Cvelist
Cvelist
added 2024/12/02 5:10 p.m.36 views

CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...

9.2CVSS0.00587EPSS
Exploits0References4
CVE
CVE
added 2024/12/02 5:10 p.m.4268 views

CVE-2024-53990

The CVE-2024-53990 issue affects the AsyncHttpClient (AHC) library where an auto-enabled CookieStore silently replaces cookies with the same name from the cookie jar. This can cause cookies from one user to be used in another user’s requests, creating potential unauthorized data exposure in multi...

9.2CVSS6.7AI score0.00587EPSS
Exploits0References4
OSV
OSV
added 2024/12/02 5:10 p.m.14 views

CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...

9.2CVSS7.9AI score0.00587EPSS
Exploits0References6
Hacker One
Hacker One
added 2016/04/25 5:47 a.m.28 views

Algolia: RCE on facebooksearch.algolia.com

While doing recon on Algolia, I found that the session secret for facebooksearch.algolia.com has been committed to a public GitHub repository. Since the Rails app running at facebooksearch.algolia.com is using CookieStore as the session storage, this means an attacker knowing the session secret c...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2013/11/26 2:54 p.m.46 views

Nearly 2000 Sites Vulnerable to Ruby on Rails Cookie Problem

A lingering security issue in Ruby on Rails that stems from a setting in the framework’s cookie-based storage mechanism is still present in almost 2,000 websites. Sites using an old version of Ruby on Rails that relies on CookieStore, the framework’s default cookie storage mechanism, are at risk...

Exploits0References5
ThreatPost
ThreatPost
added 2013/09/25 3:6 p.m.12 views

Some Versions of Ruby on Rails Could Expose Cookies

Versions 2.0 to 4.0 of the popular open source Web framework Ruby on Rails are vulnerable to a Web security issue involving cookies that could make it much easier for someone to log in to an app as another user. According to security researcher G.S. McNamara, Ruby on Rails’ defacto session storin...

1AI score
Exploits0References4
Rows per page
Query Builder