Apache Tomcat Security Vulnerability
Apache Tomcat is a product of the Apache Foundation in the U.S. Apache Tomcat is a lightweight web application server. proto is an extensible program code template for creating objects. forward is an open source product. forward is an application. roc req is a product of individual developers. re...
Apache Tomcat 10.1.0.M1 < 10.1.6
The version of Tomcat installed on the remote host is prior to 10.1.6. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.6security-10 advisory. - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the...
Apache Tomcat 8.5.0 < 8.5.86
The version of Tomcat installed on the remote host is prior to 8.5.86. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.86security-8 advisory. - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the...
Fixed in Apache Tomcat 8.5.86
Important: Apache Tomcat information disclosure CVE-2023-28708 When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Tomcat did not include the secure attribute. This could result in th...
Fixed in Apache Tomcat 9.0.72
Important: Apache Tomcat information disclosure CVE-2023-28708 When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Tomcat did not include the secure attribute. This could result in th...
SUSE CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
SUSE CVE-2017-7480
rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution...
CVE-2022-38846
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...
Design/Logic Flaw
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...
CVE-2022-38846
CVE-2022-38846 affects EspoCRM 7.1.8 with a Missing Secure Flag in cookies, allowing cookies to be sent over HTTP and potentially captured via MITM. Vulnerable component is the cookie security flag handling; impact is exposure of cookies from an insecure channel. The available connected documents...
PT-2022-24596 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.1.8 Description: The issue allows the browser to send plain text cookies over an insecure channel HTTP due to a Missing Secure Flag. An attacker may capture the cookie from the insecure channel using a Man-In-The-Middle MITM...
CVE-2021-29847
BMC firmware IBM Power System S821LC Server 8001-12C OP825.50 configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267...
MOXA Moxa NPort IA5150A Series Encryption Problem Vulnerability
MOXA Moxa NPort IA5150A Series is an industrial control device server from China Moxa MOXA. It is used for 1-port RS-232 / 422/485 industrial automation device server with serial/LAN/power surge protection, two 10/100BaseTX ports with single IP, and operating temperature from 0 to 60°C. The NPort...
Open-Xchange: Some build dependencies are downloaded over an insecure channel (without subsequent integrity checks)
The script phase of pdns's .travis.yml file runs a script named ./build-scripts/travis.sh. The main path of execution of this script downloads two dependencies libsodiumdev and libsodium13 via wget over an insecure channel i.e. using http rather than https. Further evidence of this can be found i...
Internet Bug Bounty: Some build dependencies are downloaded over an insecure channel (without subsequent integrity checks)
Summary: Build jobs mingw64 | openssl-1.1.1d and mingw32 | openssl-1.0.2u download dependencies from build.openvpn.net and www.oberhumer.com over an insecure channel (http, not https) and do not check their integrity in any way. This opens the door to person-in-the-middle attacks, whereby an attacke...
F5 BIG-IP Encryption Problem Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cryptographic issue vulnerability exists in the F5 BIG-IP system that stems from a program not using a secure communication...
F5 BIG-IP Encryption Problem Vulnerability (CNVD-2020-36270)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cryptographic issue vulnerability exists in the F5 BIG-IP system, which stems from a program that does not use a secure...
CVE-2020-5885
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability HA pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...