
16 matches found

RedhatCVE
added 2025/05/23 8:52 a.m. | 4 views

CVE-2024-5699

In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

CVSS 9.8 | AI score 6.1 | EPSS 0.00594
Exploits: 1 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2016-8616

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existi...

CVSS 5.9 | AI score 6.6 | EPSS 0.04507
Exploits: 0 | References: 2

NVD
added 2024/06/17 6:15 p.m. | 11 views

CVE-2018-25103

There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests...

CVSS 5.3 | EPSS 0.00262
Exploits: 0 | References: 6

NVD
added 2024/06/11 1:15 p.m. | 19 views

CVE-2024-5699

In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

CVSS 9.8 | EPSS 0.00594
Exploits: 1 | References: 2

OSV
added 2024/06/11 1:15 p.m. | 13 views

CVE-2024-5699

In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

CVSS 9.8 | AI score 6.5
Exploits: 0 | References: 2

CVE
added 2024/06/11 12:40 p.m. | 309 views

CVE-2024-5699

CVE-2024-5699 affects Mozilla Firefox prior to version 127. The issue arises from cookie prefixes such as __Secure being ignored when capitalization isn’t correct, contrary to the spec that requires a case-insensitive check. This could allow behaviors not being honored as defined by the prefix, w...

CVSS 9.8 | AI score 6.3 | EPSS 0.00594
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2021/08/26 4:39 a.m. | 2 views

Privilege Escalation

github.com/istio/istio is vulnerable to privilege escalation. Lack of case-sensitive comparison of hostname in the HTTP Host header allows an attacker to bypass the authorization policy as it causes the Envoy proxy to route the request hostname in a case-insensitive way...

CVSS 8.3 | AI score 8.2 | EPSS 0.00171
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2021/08/05 8:16 p.m. | 3 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively, which could lead ...

AI score 6 | EPSS 0.0056
Exploits: 2 | References: 15

OSV
added 2021/07/21 8:0 a.m. | 7 views

CURL-CVE-2021-22924 Bad connection reuse due to flawed path name checks

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could...

CVSS 4.3 | AI score 5.4 | EPSS 0.0056
Exploits: 2

Hacker One
added 2021/06/11 3:47 a.m. | 73 views

curl: CVE-2021-22924: Bad connection reuse due to flawed path name checks

Summary: Curl_ssl_config_matches attempts to compare whether two SSL connections have identical SSL security options or not. The idea is to avoid reusing a connection that uses less secure, or completely different security options such as capath, cainfo or certificate/issuer pinning. Unfortunately...

CVSS 4.3 | AI score 5.7 | EPSS 0.0056
Exploits: 2

Oracle linux
added 2019/08/13 12:0 a.m. | 149 views

curl security and bug fix update

7.29.0-54.0.1 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked multiplication...

CVSS 10 | AI score 2.4 | EPSS 0.04507
Exploits: 0

CVE
added 2018/08/01 6:0 a.m. | 178 views

CVE-2016-8616

CVE-2016-8616 affects curl prior to 7.51.0. When re-using a connection, curl performed case-insensitive comparisons of the username and password against existing connections, enabling an attacker who knows the case-insensitive form of the correct password to cause reuse of an unused connection wi...

CVSS 5.9 | AI score 7.3 | EPSS 0.04507
Exploits: 0 | References: 10 | Affected Software: 1

Cvelist
added 2018/08/01 6:0 a.m. | 21 views

CVE-2016-8616

A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

CVSS 3.7 | AI score 6.5 | EPSS 0.04507
Exploits: 0 | References: 10

Debian
added 2016/11/03 11:7 p.m. | 42 views

[SECURITY] [DSA 3705-1] curl security update

Debian Security Advisory DSA-3705-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 03, 2016 https://www.debian.org/security/faq ...

CVSS 9.8 | AI score 9.2 | EPSS 0.04507
Exploits: 0

OSV
added 2015/05/12 7:37 p.m. | 6 views

MGASA-2015-0213 Updated pam packages fix security vulnerabilities

Updated pam packages fix security vulnerabilities: The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack (CVE-2013-7041). Multiple directory traversal vulnerabilities in...

CVSS 5.8 | AI score 7 | EPSS 0.02605
Exploits: 2 | References: 3

OSV
added 2014/05/08 2:29 p.m. | 4 views

CVE-2013-7041

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...

AI score 6.4
Exploits: 0 | References: 9