CVE-2015-8125
CVE-2015-8125 affects Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7. It describes a potential remote timing-attack vulnerability in the Symfony Security Remember-Me service (PersistentTokenBasedRememberMeServices), the DigestAuthenticationListener, and the legacy CSRF i...
CVE-2015-8125
Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...
Sniffly - Sniffing Browser History Using HSTS + CSP.
Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome. More info available in my ToorCon 2015 slides:...
Debian DSA-3402-1 : symfony - security update
Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8124: The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within th...
Debian Security Advisory DSA 3402-1 (symfony - security update)
Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8124: The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within the...
CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service
More info at https://symfony.com/cve-2015-8125...
CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service
Affected Versions: Symfony 2.3.0 to 2.3.34, 2.6.0 to 2.6.11, and 2.7.0 to 2.7.6 versions of the Security component are affected by this security issue. This issue has been fixed in Symfony 2.3.35, 2.6.12, and 2.7.7. Note that no fixes are provided for Symfony 2.4 and 2.5 as they are not maintained...
Debian: Security Advisory (DSA-3402-1)
The remote host is missing an update for the Debian... (Copyright 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. License: GPL-2.0-only.)
CVE-2015-5730
The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated...
Ruby on Rails: http_basic_authenticate_with is susceptible to timing attacks.
Timing attack vulnerability in basic authentication in Action Controller. There is a timing attack vulnerability in the basic authentication support in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2015-7576. Versions Affected: All. Not affected: None. Fixed...
Mageia: Security Advisory (MGASA-2015-0317)
The remote host is missing an update for the... (Copyright 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. License: GPL-2.0-only.)
Oracle: Security Advisory (ELSA-2013-0587)
The remote host is missing an update for the... (Copyright 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. License: GPL-2.0-only.)
Oracle: Security Advisory (ELSA-2013-0588)
The remote host is missing an update for the... (Copyright 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. License: GPL-2.0-only.)
CVE-2015-6728
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...