191 matches found
CVE-2021-0296
The CVE-2021-0296 entry concerns Juniper Networks CTPView server not enforcing HTTP Strict Transport Security (HSTS). Affected versions are Juniper CTPView 7.3 before 7.3R7 and 9.1 before 9.1R3. Root cause: lack of HSTS header enforcement, which can enable downgrade attacks, SSL-stripping MITM, a...
Juniper Networks CtpView输入验证错误漏洞
Juniper Networks CtpView is a network management system from Juniper Networks, Inc. It is used to enable managers to deploy circuits while monitoring the network. An input validation error vulnerability exists in the CTPView server that stems from the product's failure to implement HSTS detection...
Docker < 1.3.1 SSL Fallback Vulnerability
Docker is prone to an SSL fallback vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
How Does MTA-STS Improve Your Email Security?
Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now, and therefore security was not an...
GHSA-8928-2FGM-6X9X HTTP Request Smuggling in actix-http
Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...
HTTP Request Smuggling in actix-http
Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...
Potential request smuggling capabilities due to lack of input validation
Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...
RUSTSEC-2021-0081 Potential request smuggling capabilities due to lack of input validation
Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...
Enhancing Email Security with MTA-STS and SMTP TLS Reporting
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...
keycloak: security headers missing on REST endpoints
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
keycloak: security headers missing on REST endpoints
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
keycloak: security headers missing on REST endpoints
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
keycloak: security headers missing on REST endpoints
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
keycloak: security headers missing on REST endpoints
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
GHSA-3GG7-9Q2X-79FC Improper Restriction of Rendered UI Layers or Frames in Keycloak
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
Improper Restriction of Rendered UI Layers or Frames in Keycloak
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-1728
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-1728
CVE-2020-1728 affects Red Hat’s Red Hat Single Sign-On / Keycloak projects. The issue is described as security headers missing on REST endpoints for Keycloak, which could ease client-side attacks like clickjacking or other header-reliant abuse. The connected Red Hat advisories explicitly link thi...