6 matches found
openSUSE Security Update : shellinabox (openSUSE-2016-1501)
shellinabox was updated to version 2.20 to fix the following security issues : - It was possible to fallback to the HTTP protocol even when configured for HTTPS. CVE-2015-8400, boo957748 - Disable secure client-initiated renegotiation - Set SSL options for increased security disable SSLv2, SSLv3 ...
Fedora 23 : shellinabox-2.19-1.fc23 (2015-1c773e8702)
Added support for middle-click paste Improved iOS support New logic to enable soft keyboard icon Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS CVE-2015-8400 Note that Tenable Network Security has extracted the preceding description block...
Fedora 22 : shellinabox-2.19-1.fc22 (2015-463143720f)
Added support for middle-click paste Improved iOS support New logic to enable soft keyboard icon Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS CVE-2015-8400 Note that Tenable Network Security has extracted the preceding description block...
CVE-2015-8400
The HTTPS fallback implementation in Shell In A Box aka shellinabox before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL...
CVE-2015-8400
Shell In A Box (shellinabox) prior to version 2.19 contains an HTTPS fallback mechanism that allows DNS rebinding attacks via the /plain URL. The vulnerability is triggered when the client can revert HTTPS requests to HTTP, enabling remote attackers to exploit DNS rebinding. Public references in ...
Fedora Update for shellinabox FEDORA-2015-1
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...