4 matches found
inserein.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1066272 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products.
Summary Multiple browsers could allow a remote attacker to obtain sensitive information, caused by the failure to consider the role of the TCP congestion window in providing information about content length by the HTTPS protocol or by the HTTP/2 protocol. By visiting a Web site owned by a malicio...
CVE-2016-7153
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack...
CVE-2016-7153
CVE-2016-7153 describes a vulnerability in the HTTP/2 protocol where the TCP congestion window is not considered when determining content length, potentially enabling an attacker to obtain cleartext data by leveraging a web browser configuration that sends third‑party cookies (HEIST). The connect...