5272 matches found
CVE-2016-9253
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile...
CVE-2016-9253
Summary: CVE-2016-9253 affects F5 BIG-IP 12.1.0–12.1.2 where certain websocket traffic patterns can disrupt services on virtual servers using the websocket profile. The vulnerability is in the data plane and requires crafted websocket traffic to cause a denial of service; HTTP-profile-only server...
F5 Networks BIG-IP : Websocket profile vulnerability (K51351360)
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. CVE-2016-9253 Note : Virtual servers configured to use the HTTP profile and no websocket profile that process websocket traffic ar...
WebSocket vulnerability and protection details-vulnerability warning-the black bar safety net
Socket description: A socket is an endpoint of network communication. A socket is always divided into two parts: an IP address and a port. For example: when you visit www.myhack58.com, your computer and the website server use sockets (endpoints) to communicate. The website endpoint will be:...
Starscream 2.0.3 SSL Pinning Bypass Vulnerability
WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting th...
Denial Of Service (DoS)
nes is vulnerable to denial of service (DoS) attacks. The node process will error and exit when an invalid cookie header is sent with a websocket upgrade request. This only happens when websocket authentication is set to cookie...
CentOS Update for httpd CESA-2017:0906 centos7
Check the version of httpd. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882692");...
Moderate: Red Hat Security Advisory: httpd security and bug fix update
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2017-5887
CVE-2017-5887 affects Starscream’s WebSocket.swift prior to version 2.0.4. The vulnerability is an SSL pinning bypass caused by where pinning is performed: pinning occurs in the stream function, which is later than appropriate; pinning should be established in initStreamsWithData. This misplaceme...
CVE-2017-5887
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function)...
Using WebSocket as your Real Time Protocol? Wallam got you covered.
In the beginning there was http 1 or 2, web pages were static and did not do much beyond displaying static text and images. Life has changed since… Web applications discovered that bi-directional communication between the browser and the web server is essential. Of course, http protocol, with it’...
macOS iBooks Parsing a maliciously crafted iBooks file lead to local file disclosure(CVE-2017-2426)
On a previous post about ePub parsers (This book reads you - exploiting services and readers that support the ePub book format), I mentioned using scripting capabilities in ePub to perform local attacks against users. Apple just released a fix for one issue I reported last year in iBooks that allow...
Cross-Site WebSocket Hijack
zeppelin-server is vulnerable to cross-site websocket hijacking because the websockets are not restrained by the same-origin policy. This could allow an attacker to create a malicious website and trick the user into opening it...
Denial of Service
Overview: Affected versions of nes are vulnerable to denial of service when given an invalid cookie header, and websocket authentication is set to cookie. Submitting an invalid cookie on the websocket upgrade request will cause the node process to throw and exit. Recommendation: Update to version...
gdbgui - A browser-based frontend/gui for GDB
A modern, browser-based frontend to gdb (gnu debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust! Simply run gdbgui from the terminal and a new tab will open in your browser. Install: sudo pip install gdbgui --upgrade. Since gdbgui is under active development, consider...
CVE-2017-5621
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API...
CVE-2017-5621
CVE-2017-5621 affects Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. The issue is a cross-site scripting (XSS) vulnerability triggered by malicious HTML in chat messages or ticket article content when using REST or WebSocket APIs. The vulnerability allows an attacker to inject s...
PostMessage cross-domain vulnerability-vulnerability warning-the black bar safety net
Note: this article is a "millet Security Center" original; to reprint, please contact the "millet Security Center". Background. Value: $3000. Vulnerability cause: a postMessage cross-domain vulnerability, using the websocket to receive a user authentication token. Original address:...