376 matches found

Cvelist
added 2015/04/10 2:0 p.m., 20 views

CVE-2015-1090

CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file...

AI score: 4.8, EPSS: 0.01485
Exploits: 0, References: 4

Hacker One
added 2015/03/12 4:34 p.m., 22 views

itBit Exchange: ITBit Vulnerable to SSLSTrip

www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in an internet cafe and browses the internet while a malicious user intercepts his traffic, the w...

AI score: 6.6
Exploits: 0

Hacker One
added 2014/07/15 3:54 a.m., 48 views

Automattic: Missing HSTS header in https://app.simplenote.com

Hi, Vulnerable Website: https://app.simplenote.com I tested the website using firefox add-on called: Strict Transport Security Detector https://addons.mozilla.org/en-US/firefox/addon/strict-transport-security-d/ HSTS addresses the following threats: User bookmarks or manually types...

AI score: 6.8
Exploits: 0

n0where
added 2014/01/24 4:39 p.m., 38 views

Tor Exit Relay Scanner: Exitmap

Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. An exit node, the final destination in the series of servers Tor users hop through...

AI score: 7
Exploits: 0, References: 3

ThreatPost
added 2014/01/09 11:17 a.m., 10 views

Yahoo Encryption Slammed for Lack of Forward Secrecy, HSTS

Yahoo, as promised, rolled out HTTPs by default this week for its email service, bringing it in line with other Internet companies that have been securing users’ communication for years. But if Yahoo expected applause from security experts, it can think again. The response from those well-versed ...

AI score: 7.1
Exploits: 0, References: 4

Metasploit
added 2012/11/30 2:30 p.m., 15 views

HTTP Strict Transport Security (HSTS) Detection

Display HTTP Strict Transport Security HSTS information about each system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Strict Transport Security HSTS Detection', 'Description' = %q...

AI score: 7.1
Exploits: 0

ThreatPost
added 2012/11/05 5:10 p.m., 12 views

Mozilla Adding More Stringent HTTPS Enforcement to Firefox

Mozilla is adding an extra layer of security in its Firefox browser by implementing HTTP Strict Transport Security (HSTS), a mechanism that will force some sites into establishing a secure, HTTPS connection with the browser if it's presented with the right certificate. According to an entry on...

AI score: 0.3
Exploits: 0, References: 9

OpenVAS
added 2011/08/19 12:0 a.m., 28 views

Google Chrome Secure Cookie Security Bypass Vulnerability - Windows

Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.8, AI score: 6.2, EPSS: 0.01012
Exploits: 0, References: 3

OpenVAS
added 2011/08/19 12:0 a.m., 26 views

Google Chrome Secure Cookie Security Bypass Vulnerability - Mac OS X

Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.8, AI score: 6.2, EPSS: 0.01012
Exploits: 0, References: 3

NVD
added 2011/08/09 7:55 p.m., 21 views

CVE-2008-7295

Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS)...

CVSS: 5.8, AI score: 6.4, EPSS: 0.05105
Exploits: 0, References: 5

NVD
added 2011/08/09 7:55 p.m., 29 views

CVE-2008-7294

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS)...

CVSS: 5.8, AI score: 6.2, EPSS: 0.01012
Exploits: 0, References: 6

UbuntuCve
added 2011/08/09 7:55 p.m., 42 views

CVE-2008-7293

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS)...

CVSS: 5.8, AI score: 7.3, EPSS: 0.01675
Exploits: 0, References: 4

UbuntuCve
added 2011/08/09 7:55 p.m., 27 views

CVE-2008-7294

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS)...

CVSS: 5.8, AI score: 6, EPSS: 0.01012
Exploits: 0, References: 4

Prion
added 2011/08/09 7:55 p.m., 21 views

Design/Logic Flaw

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS)...

CVSS: 5.8, AI score: 7, EPSS: 0.01675
Exploits: 0, References: 6, Affected Software: 1

ThreatPost
added 2010/10/29 7:51 p.m., 69 views

To Combat Firesheep, Microsoft's Bing Looking Into SSL

Microsoft’s Bing is looking into SSL and other privacy settings for the next version of their search engine. Currently the site strips SSL when forced into HTTPS and in turn, brings up an advisory on browsers signaling an unsafe connection. Introduced at Toorcon, the Firefox extension allows...

CVSS: 9.3, AI score: 8.3, EPSS: 0.99945
Exploits: 33, References: 3

ThreatPost
added 2010/08/27 6:6 p.m., 10 views

Firefox 4 to Include HTTP Strict Transport Security Support

In an effort to help mitigate man-in-the-middle attacks that make normal HTTP connections look like secured HTTPS sessions, Mozilla is adding support in Firefox 4 for a new technology called HTTP Strict Transport Security that enables site operators to tell browsers to always request an HTTPS...

Exploits: 0, References: 6