264 matches found

RedHat Linux
added 2021/02/08 12:54 p.m., 3 views

wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an out-of-memory (OOM) condition, leading to a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 5.7 | EPSS 0.02157
Exploits 0 | References 4
Veracode
added 2021/01/21 8:51 a.m., 18 views

Cross-Site Request Forgery (CSRF)

vertx-web is vulnerable to cross-site request forgery (CSRF). The CSRF token provided by the framework is sent as an HTTP session token and is not adequate to prevent CSRF attacks, as the token is automatically included in every HTTP request...

CVSS 8.8 | AI score 1.3 | EPSS 0.0058
Exploits 0 | References 1 | Affected Software 1
OSV
added 2021/01/20 6:15 p.m., 11 views

CVE-2020-28452

This affects the package com.softwaremill.akka-http-session:core2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core2.11; the package com.softwaremill.akka-http-session:core2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...

CVSS 8.8 | AI score 6.9
Exploits 0 | References 5
Prion
added 2021/01/20 6:15 p.m., 16 views

Cross-site request forgery (CSRF)

This affects the package com.softwaremill.akka-http-session:core2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core2.11; the package com.softwaremill.akka-http-session:core2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...

CVSS 6.8 | AI score 8.7 | EPSS 0.00524
Exploits 0 | References 5 | Affected Software 1
CVE
added 2021/01/20 5:46 p.m., 70 views

CVE-2020-28452

CSRF protection bypass in the akka-http-session library (com.softwaremill.akka-http-session:core) is reported for multiple Scala versions: core_2.12 (before 0.6.1), core_2.11 (all versions), and core_2.13 (before 0.6.1). The root cause is a CSRF check that only ensures the X-XSRF-TOKEN header and...

CVSS 8.8 | AI score 7.5 | EPSS 0.00524
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2021/01/20 5:46 p.m., 17 views

CVE-2020-28452 Cross-site Request Forgery (CSRF)

This affects the package com.softwaremill.akka-http-session:core2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core2.11; the package com.softwaremill.akka-http-session:core2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...

CVSS 6.3 | AI score 8.8 | EPSS 0.00524
Exploits 0 | References 5
CNNVD
added 2021/01/20 12:00 a.m., 1 view

Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability

Softwaremill Akka-http-session is a codebase from Softwaremill, Poland, that provides JWT and continuous-session support for single-page or mobile applications. A cross-site request forgery vulnerability exists in Softwaremill Akka-http-session core2.12 from 0 and befo...

CVSS 8.8 | AI score 7.2 | EPSS 0.00524
Exploits 0 | References 5
Prion
added 2021/01/14 4:15 p.m., 10 views

Session fixation

SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

CVSS 5 | AI score 7.3 | EPSS 0.0151
Exploits 0 | References 1 | Affected Software 1
IBM Security Bulletins
added 2020/12/18 7:57 p.m., 19 views

Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential logout session timeout (CVE-2020-4555)

Summary: Login session may not be invalidated in a timely manner on timeout. Vulnerability Details: CVEID: CVE-2020-4555. DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

CVSS 6.3 | AI score 0.8 | EPSS 0.00755
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/12/18 6:49 p.m., 22 views

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential logout session timeout (CVE-2020-4555)

Summary: Login session may not be invalidated in a timely manner on timeout. Vulnerability Details: CVEID: CVE-2020-4555. DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

CVSS 6.3 | AI score 0.6 | EPSS 0.00755
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/12/18 6:33 p.m., 18 views

Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential logout session timeout (CVE-2020-4555)

Summary: Login session may not be invalidated in a timely manner on timeout. Vulnerability Details: CVEID: CVE-2020-4555. DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

CVSS 6.3 | AI score 1 | EPSS 0.00755
Exploits 0 | Affected Software 1
RedHat Linux
added 2020/12/03 7:16 p.m., 1 view

wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an out-of-memory (OOM) condition, leading to a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 5.7 | EPSS 0.02157
Exploits 0 | References 4
RedHat Linux
added 2020/12/03 7:13 p.m., 1 view

wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an out-of-memory (OOM) condition, leading to a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 5.7 | EPSS 0.02157
Exploits 0 | References 4
NVD
added 2020/12/01 12:15 a.m., 21 views

CVE-2020-4126

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an HTTP session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later...

CVSS 5.9 | AI score 5.8 | EPSS 0.00666
Exploits 0 | References 1
Prion
added 2020/12/01 12:15 a.m., 13 views

Design/Logic Flaw

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an HTTP session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later...

CVSS 4.3 | AI score 5.8 | EPSS 0.00666
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/11/30 11:50 p.m., 24 views

CVE-2020-4126

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an HTTP session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later...

AI score 5.8 | EPSS 0.00666
Exploits 0 | References 1
Veracode
added 2020/11/30 4:35 a.m., 19 views

Cross-Site Request Forgery (CSRF)

akka-http-session is vulnerable to cross-site request forgery (CSRF). The CSRF protection can be bypassed using an empty X-XSRF-TOKEN header and an XSRF-TOKEN cookie with an empty value...

CVSS 8.8 | AI score 2.4 | EPSS 0.00645
Exploits 0 | References 3 | Affected Software 4
NVD
added 2020/11/27 5:15 p.m., 30 views

CVE-2020-7780

This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 8.8 | AI score 6.9 | EPSS 0.00645
Exploits 0 | References 6
OSV
added 2020/11/27 5:15 p.m., 17 views

CVE-2020-7780

This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 8.8 | AI score 6.8
Exploits 0 | References 6
Prion
added 2020/11/27 5:15 p.m., 14 views

Code injection

This affects the package com.softwaremill.akka-http-session:core2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 6.8 | AI score 8.7 | EPSS 0.00645
Exploits 0 | References 6 | Affected Software 1