
8 matches found

OSV
added 2019/02/18 11:44 p.m., 24 views

GHSA-7R2X-3QCM-8VFW herbivore downloads Resources over HTTP

Affected versions of herbivore insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

8.1 CVSS, 8.1 AI score, 0.00736 EPSS
Exploits 0, References 5

Github Security Blog
added 2019/02/18 11:44 p.m., 16 views

herbivore downloads Resources over HTTP

Affected versions of herbivore insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

9.3 CVSS, 8 AI score, 0.00736 EPSS
Exploits 0, References 5, Affected Software 1

CNVD
added 2018/06/15 12:0 a.m., 3 views

Herbivore Remote Code Execution Vulnerability

herbivore is a set of open source packet sniffing tools. A security vulnerability exists in herbivore that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing the...

9.3 CVSS, 8 AI score, 0.00736 EPSS
Exploits 0, References 1

Veracode
added 2018/06/05 3:2 a.m., 11 views

Man-in-the-Middle (MitM)

herbivore is vulnerable to man-in-the-middle (MitM) attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the...

8.1 CVSS, 8.3 AI score, 0.00736 EPSS
Exploits 0, References 2, Affected Software 1

NVD
added 2018/06/04 4:29 p.m., 9 views

CVE-2016-10665

herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlle...

9.3 CVSS, 8.3 AI score, 0.00736 EPSS
Exploits 0, References 2

OSV
added 2018/06/04 4:29 p.m., 1 views

CVE-2016-10665

herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlle...

8.1 CVSS, 6.3 AI score
Exploits 0, References 2

Cvelist
added 2018/06/04 4:0 p.m., 9 views

CVE-2016-10665

herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlle...

8.3 AI score, 0.00736 EPSS
Exploits 0, References 2

CVE
added 2018/06/04 4:0 p.m., 63 views

CVE-2016-10665

CVE-2016-10665 affects the herbivore library (built on libtins) where binary resources are downloaded over HTTP (versions around 0.0.3 and below). The underlying issue is insecure HTTP fetching which enables a man-in-the-middle (MITM) interception and substitution of requested binaries, with poten...

9.3 CVSS, 8.2 AI score, 0.00736 EPSS
Exploits 0, References 2, Affected Software 1