882 matches found
nsupdate.info security vulnerability
nsupdate.info is a free, open-source dynamic DNS service. A security vulnerability exists in nsupdate.info that stems from mishandling of the parameter CSRF_COOKIE_HTTPONLY, which results in a cookie without the "httponly" flag...
CVE-2022-45411
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...
CVE-2022-45411
CVE-2022-45411: Cross-Site Tracing vulnerability in Firefox/Thunderbird due to servers echoing Trace requests and exposure of authorization headers/cookies; mitigations have been implemented via browser fetch/XHR limits and non-standard headers like X-Http-Method-Override. The issue is acknowledg...
CVE-2022-4630
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master...
PT-2022-27800 · Unknown · Daloradius
Name of the Vulnerable Software and Affected Versions: daloradius versions prior to master Description: The issue concerns a sensitive cookie without the 'HttpOnly' flag in the GitHub repository lirantal/daloradius. This could potentially allow unauthorized access to sensitive information...
CVE-2022-4630 Sensitive Cookie Without 'HttpOnly' Flag in lirantal/daloradius
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master...
CVE-2022-4630
CVE-2022-4630 affects daloradius (GitHub repository lirantal/daloradius) with a missing HttpOnly flag on sensitive cookies prior to the master branch. Root cause: session cookie (PHPSESSID) transmitted without HttpOnly protection, enabling potential access to sensitive data. Documented impact ind...
Session cookie without 'HttpOnly' Flag
Description: All versions of daloRADIUS prior to the master branch transmit the session cookie, i.e. PHPSESSID, without setting the HttpOnly flag. Proof of Concept: $ curl --head http:///login.php HTTP/1.1 200 OK Date: Tue, 20 Dec 2022 14:11:38 GMT Server: Apache Set-Cookie:...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
AlmaLinux 8 : thunderbird (ALSA-2022:8547)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8547 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with...
CVE-2022-45411
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Impact Setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...
GHSA-745P-R637-7VVP Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Impact Setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...