UBUNTU-CVE-2018-10100

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

WebKitGTK+ Late TLS Certificate Validation Vulnerability

WebKitGTK+ is a versatile port for the WebKit rendering engine. A security vulnerability exists in the Late TLS certificate validation of WebKitGTK+. A remote attacker can exploit this vulnerability to obtain secure HTTP request information via sniffing...

Design/Logic Flaw

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies...

CVE-2015-2330

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies...

HTTPS Protocol Certificate Validation Vulnerability in AVTECH Devices

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH devices are vulnerable to HTTPS protocol certificate validation vulnerability. SyncCloudAccount.sh, QueryFromClient.s...

PT-2014-2155 · Debian · Apt

Name of the Vulnerable Software and Affected Versions: apt versions prior to 0.8.11 Description: The issue allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors when the certificate host name fails validation and Verify-Host is enabled. Recommendations: For...

Apple iTunes Multiple Vulnerabilities (HT6001) - Windows

Apple iTunes is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes";...

Tomcat - Denial Of Service when using NIO+SSL+sendfile

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service infinite loop by terminating the connection during the reading of a...

PT-2012-6098 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 2.7.0 Description: The issue arises from the wsdl first https sample code in Apache CXF, which fails to verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field...

DEBIAN-CVE-2010-4340

libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle MITM attack...

Facebook Adds Two-Factor Authentication

Social networking giant Facebook announced on Tuesday that it was introducing a two-factor security feature that will make user accounts harder to hijack. The announcement was part of a group of security enhancements by Facebook that includes improved secure HTTP features and social reporting too...

DEBIAN-CVE-2010-3900

Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312...

Zeus Trojan Now Has Hardware Licensing Scheme

The authors of the Zeus bot client, perhaps the most popular and pervasive piece of malware of its kind right now, have taken an extraordinary step to protect their creation: inserting a hardware-based licensing scheme into the Trojan. This represents a significant leap in the sophistication and...

Firefox directives to not cache pages ignored

Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...

security flaw

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

CVE-2018-14773: Remove support for legacy and risky HTTP headers

More info at https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers...