Lucene search
K

232 matches found

NVD
NVD
added 2017/06/16 9:29 p.m.23 views

CVE-2016-1000221

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...

7.5CVSS7.5AI score0.01765EPSS
Exploits0References2
OSV
OSV
added 2017/06/16 9:29 p.m.25 views

CVE-2016-1000221

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...

7.5CVSS6.6AI score
Exploits0References2
Cvelist
Cvelist
added 2017/06/16 9:0 p.m.32 views

CVE-2016-1000219

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield...

7.5AI score0.02039EPSS
Exploits0References2
CVE
CVE
added 2017/06/16 9:0 p.m.64 views

CVE-2016-1000219

CVE-2016-1000219 affects Kibana prior to 4.5.4 and 4.1.11. When a custom output is configured for logging in, cookies and authorization headers could be written to Kibana log files, enabling a local attacker to hijack sessions of other users in environments using authentication like Shield. The p...

7.5CVSS7.4AI score0.02039EPSS
Exploits0References2Affected Software1
Elastic
Elastic
added 2016/07/07 4:57 p.m.5 views

Logstash 2.3.3 Elasticsearch Output Vulnerability

Hi all, we would like to announce a security vulnerability we discovered in our testing. Logstash 2.3.4 has been released with a patch to fix this. Issue Prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...

6.9AI score
Exploits0
NVD
NVD
added 2016/07/02 2:59 p.m.13 views

CVE-2016-3956

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

7.5CVSS7.4AI score0.06748EPSS
Exploits0References6
OSV
OSV
added 2016/07/02 2:59 p.m.1 views

DEBIAN-CVE-2016-3956

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

7.5CVSS7.3AI score0.06748EPSS
Exploits0References1
OSV
OSV
added 2016/07/02 2:59 p.m.11 views

CVE-2016-3956

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

7.5CVSS7.3AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2016/07/02 2:59 p.m.16 views

CVE-2016-3956

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

7.5CVSS7.2AI score0.06748EPSS
Exploits0References6
OSV
OSV
added 2016/07/02 2:59 p.m.8 views

UBUNTU-CVE-2016-3956

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

7.5CVSS7.2AI score0.06748EPSS
Exploits0References7
Prion
Prion
added 2016/07/02 2:59 p.m.17 views

Authorization

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

5CVSS6.7AI score0.06748EPSS
Exploits0References6Affected Software3
OpenVAS
OpenVAS
added 2015/01/06 12:0 a.m.58 views

VDG Security Sense <= 2.3.13 Multiple Vulnerabilities - Active Check

VDG Security Sense is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.04635EPSS
Exploits2References3
Rows per page
Query Builder