Lucene search
+L

393 matches found

Hacker One
Hacker One
added 2022/05/05 5:48 p.m.38 views

curl: Cookie injection from non-secure context

Summary: Curl allows injecting cookies over insecure HTTP connection that will then be sent to the target site when connecting over HTTPS. As documented in lib/cookie.c https://github.com/curl/curl/blob/a04f0b961333e1a19848d073d8c7db9c20b2a371/lib/cookie.cL1039 this should not be possible: / A...

0.5AI score
Exploits0
Citrix
Citrix
added 2022/03/25 12:0 a.m.14 views

How to add secure attribute for citrix_ns_id cookie to Citrix Application Firewall Profile

Adding secure attribute for citrixnsid cookie...

7.2AI score
Exploits0
Prion
Prion
added 2022/03/16 1:15 a.m.15 views

Design/Logic Flaw

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

4.3CVSS6.3AI score0.00536EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.4 views

Gradle 信息泄露漏洞

Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. Gradle Enterprise suffers from a security vulnerability that stems from the fact that during the login process, Keycloak sets a browser cookie that effectively provides remember-...

6.5CVSS6.5AI score0.00536EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/12/10 12:47 p.m.24 views

CVE-2021-37189

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

7.7AI score0.00588EPSS
Exploits0References2
OSV
OSV
added 2021/11/15 4:15 p.m.4 views

CVE-2021-38977

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent t...

4.3CVSS5.4AI score0.00515EPSS
Exploits0References2
NVD
NVD
added 2021/10/27 1:15 a.m.18 views

CVE-2021-35236

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...

5.3CVSS0.00502EPSS
Exploits0References2
NVD
NVD
added 2021/10/21 5:15 p.m.22 views

CVE-2021-29883

IBM Standards Processing Engine IBM Transformation Extender Advanced 9.0 and 10.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. T...

4.3CVSS0.00521EPSS
Exploits0References2
OSV
OSV
added 2021/10/21 5:15 p.m.4 views

CVE-2021-29883

IBM Standards Processing Engine IBM Transformation Extender Advanced 9.0 and 10.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. T...

4.3CVSS5.6AI score0.00521EPSS
Exploits0References2
Prion
Prion
added 2021/10/14 9:15 a.m.11 views

Command injection

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

4CVSS6.9AI score0.00941EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/10/14 9:15 a.m.3 views

UBUNTU-CVE-2021-3882

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

6.8CVSS6.1AI score0.00941EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2021/10/14 12:0 a.m.3 views

PT-2021-4481 · Apache +3 · Apache +3

Name of the Vulnerable Software and Affected Versions: LedgerSMB version 1.8 Description: The issue is related to the absence of the 'Secure' attribute in session authorization cookies when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. This allows an attacker to obtain...

9.6CVSS7.1AI score0.03014EPSS
Exploits1References25
Huntr
Huntr
added 2021/10/08 4:6 p.m.7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in publify/publify

Description Session cookie publifyblogsession is not marked with 'Secure' Proof of Concept Login to demo page https://demo-publify.herokuapp.com/ Open Firefox developer option - storage - check secure option Below link shows POC https://i.ibb.co/j3K5YDg/Screenshot-45.png...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/10/06 7:21 p.m.8 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in kevinpapst/kimai2

Description Session cookie dancer.session is not marked with 'Secure' Proof of Concept Login to demo page https://demo-stable.kimai.org/en/dashboard/, Open Firefox developer option - storage - check secure option...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/09/15 6:45 a.m.11 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in babybuddy/babybuddy

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1zWCQRRZl42kEbqrs0QS4hXyUdjnBRf/view Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...

Exploits0References1
Huntr
Huntr
added 2021/08/25 12:53 p.m.13 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in froxlor/froxlor

✍️ Description The secure flag is not set for PHPSESSID session cookie in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2021/07/30 5:39 p.m.53 views

in sergix44/xbackbone

✍️ Description According to 1 we have : The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the...

1AI score
Exploits0
Huntr
Huntr
added 2021/07/30 4:59 p.m.17 views

in babybuddy/babybuddy

✍️ Description According to 1 we have : The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the...

1AI score
Exploits0
OSV
OSV
added 2021/07/26 12:15 p.m.5 views

CVE-2021-29769

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

4.3CVSS5.4AI score0.00511EPSS
Exploits0References2
NVD
NVD
added 2021/07/26 12:15 p.m.25 views

CVE-2021-29769

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

4.3CVSS0.00511EPSS
Exploits0References2
Rows per page
Query Builder