Lucene search
K

6 matches found

Veracode
Veracode
added 2024/08/22 7:41 a.m.13 views

Session Spoofing

org.apache.helix, helix is vulnerable to Session Spoofing. The vulnerability is due to a hard-coded secret in the Apache Helix Front UI, which allows an attacker to generate their own fake cookies...

7.5CVSS6.6AI score0.00726EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/21 12:30 a.m.11 views

GHSA-6247-7862-Q2PQ Apache Helix Front (UI) component contained a hard-coded secret

The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...

8.7CVSS7.4AI score0.00726EPSS
Exploits0References4
NVD
NVD
added 2024/08/20 11:15 p.m.33 views

CVE-2024-22281

UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...

7.5CVSS0.00726EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/20 10:11 p.m.30 views

CVE-2024-22281 Apache Helix Front (UI): Helix front hard-coded secret in the express-session

UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...

0.00726EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.6 views

PT-2024-19302 · Apache · Apache Helix Front

Name of the Vulnerable Software and Affected Versions: Apache Helix Front UI versions all Description: The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects products that are no longer...

8.7CVSS7.1AI score0.00726EPSS
Exploits0References9
Veracode
Veracode
added 2021/12/13 3:48 a.m.46 views

CRLF Injection

phpservermon/phpservermon is vulnerable to CRLF injection. The vulnerability exists because of the misconfiguration in nginx that allows a malicious attacker to gain CSRF token and set fake cookies...

5.4CVSS3.3AI score0.00843EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder