8 matches found
WombatDialer 安全漏洞
WombatDialer is a powerful predictive dialer for Asterisk PBX from WombatDialer. A security vulnerability exists in WombatDialer versions prior to 25.02 that stems from mishandling of cookie sessions, leading to session identity disclosure...
httpd: mod_session_cookie does not respect expiry time
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
The vulnerability of the SAP Enable Now platform, which is related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SAP Enable Now platform, which is designed to ensure the effectiveness of educational materials and documentation, relates to insufficient validation of input data during cookie session implementation. Exploiting this vulnerability could allow an attacker operating remote...
httpd: mod_session_cookie does not respect expiry time
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
ALPINE-CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
DEBIAN-CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
Fedora 18 : rubygem-rack-1.4.0-5.fc18 (2013-2306)
Patch for - path sanitization information disclosure CVE-2013-0262 - timing attack in cookie sessions CVE-2013-0263 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...
CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...