2 matches found
CVE-2016-10678
serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or...
CVE-2016-10678
CVE-2016-10678 involves the serc.js Selenium RC process wrapper, which downloads binary resources over HTTP. The underlying issue is that unencrypted HTTP allows an attacker with a privileged network position to perform a MITM and swap the requested binary with a malicious copy, potentially enabl...