6 matches found
Session Spoofing
org.apache.helix, helix is vulnerable to Session Spoofing. The vulnerability is due to a hard-coded secret in the Apache Helix Front UI, which allows an attacker to generate their own fake cookies...
GHSA-6247-7862-Q2PQ Apache Helix Front (UI) component contained a hard-coded secret
The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...
CVE-2024-22281
UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...
CVE-2024-22281 Apache Helix Front (UI): Helix front hard-coded secret in the express-session
UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...
PT-2024-19302 · Apache · Apache Helix Front
Name of the Vulnerable Software and Affected Versions: Apache Helix Front UI versions all Description: The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects products that are no longer...
CRLF Injection
phpservermon/phpservermon is vulnerable to CRLF injection. The vulnerability exists because of the misconfiguration in nginx that allows a malicious attacker to gain CSRF token and set fake cookies...