quarkus: HTTP security policy bypass

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized...

The vulnerability of Quarkus’ HTTP security policy allows attackers to circumvent security restrictions, gain unauthorized access to protected information, or cause service failures.

The vulnerability of Quarkus’ HTTP framework policy is related to deficiencies in access control, due to the lack of measures to neutralize the exploitable vulnerabilities. Exploiting this vulnerability allows a malicious actor to bypass security restrictions, gain unauthorized access to protecte...

The vulnerability of the iOS operating system allows a hacker to bypass the HSTS security mechanism and gain access to protected information.

The vulnerability of the CFNetwork HTTP Protocol component in the iOS operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass the HSTS security mechanism and gain access to protected information through a specially...

IT staffs pressured to relax Web security

From SearchSecurity.com Rob Westervelt IT managers are under pressure from the top executives in their organizations to relax their policies on Web security in order to make users more productive. A new survey of more than 1,000 IT managers found that sales and marketing personnel also are leanin...