Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2016/12/22 12:0 a.m.32 views

openSUSE Security Update : shellinabox (openSUSE-2016-1501)

shellinabox was updated to version 2.20 to fix the following security issues : - It was possible to fallback to the HTTP protocol even when configured for HTTPS. CVE-2015-8400, boo957748 - Disable secure client-initiated renegotiation - Set SSL options for increased security disable SSLv2, SSLv3 ...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.23 views

Fedora 23 : shellinabox-2.19-1.fc23 (2015-1c773e8702)

Added support for middle-click paste Improved iOS support New logic to enable soft keyboard icon Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS CVE-2015-8400 Note that Tenable Network Security has extracted the preceding description block...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.23 views

Fedora 22 : shellinabox-2.19-1.fc22 (2015-463143720f)

Added support for middle-click paste Improved iOS support New logic to enable soft keyboard icon Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS CVE-2015-8400 Note that Tenable Network Security has extracted the preceding description block...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References4
OSV
OSV
added 2016/01/12 7:59 p.m.8 views

CVE-2015-8400

The HTTPS fallback implementation in Shell In A Box aka shellinabox before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL...

7.4CVSS6.7AI score
Exploits0References6
CVE
CVE
added 2016/01/12 7:0 p.m.57 views

CVE-2015-8400

Shell In A Box (shellinabox) prior to version 2.19 contains an HTTPS fallback mechanism that allows DNS rebinding attacks via the /plain URL. The vulnerability is triggered when the client can revert HTTPS requests to HTTP, enabling remote attackers to exploit DNS rebinding. Public references in ...

7.4CVSS7.2AI score0.02037EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2016/01/08 12:0 a.m.17 views

Fedora Update for shellinabox FEDORA-2015-1

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References2
Rows per page
Query Builder