36 matches found
CVE-2022-32906
This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...
SUSE CVE-2013-2853
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation...
PT-2022-8710 · GE · GE Reason RT430 +2
Name of the Vulnerable Software and Affected Versions: GE Reason RT430, RT431 & RT434 GNSS clocks versions prior to 08A06 Description: The issue allows attackers to intercept and decrypt encrypted traffic through an HTTPS connection by having access to the hard-coded cryptographic key. This could...
Design/Logic Flaw
Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification ...
Google Chrome To Bar HTTP File Downloads
Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...
HTTPS Isn't Always as Secure as It Seems
A surprising number of high-traffic sites have TLS vulnerabilities that are subtle enough for the green padlock to still appear...
Lenovo Ordered to Pay $7.3M in Superfish Fiasco
A federal court has approved a super-sized payout fund for Lenovo, which will be required to create a $7.3 million reservoir, set aside for settling a class action lawsuit over surreptitious adware installations. Last week, the U.S. District Court for the Northern District of California granted...
Mixed Content: This content should also be served over HTTPS
Is the mixed content warning a security concern? This is by design: the request starting "receiver://" is invoking the protocol handler. It only happens on the local computer instead of crossing the internet. This command invokes the WebHelper.exe installed as part of Receiver to run and report th...
openSUSE Security Update : kdelibs4 / kio (openSUSE-2017-334)
This update for kdelibs4, kio fixes the following issues : - CVE-2017-6410: Information Leak when accessing https when using a malicious PAC file (boo#1027520). The descriptive text and package checks in this plugin were extracted from openSUSE...
LocalTapiola: Mixed Active Scripting Issue on https://www.lahitapiola.fi
HTTPS security issue - compromises HTTPS security by loading images from a non-secure source in https://www.lahitapiola.fi/henkilo/asiakaspalvelu/asioi-verkossa/kirjaudu-verkkoon Vulnerability Type: Mixed Active Scripting Issue Description: Mixed Active Content is content that has access to and can...
PSF-2014-7 Validate TLS certificate
The HTTP clients in the httplib, urllib, urllib2, and xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...
New Attack Breaks Confidentiality Model of SSL, Allows Theft of Encrypted Cookies
Two researchers have developed a new attack on TLS 1.0/SSL 3.0 that enables them to decrypt client requests on the fly and hijack supposedly confidential sessions with sensitive sites such as online banking, e-commerce and payment sites. The attack breaks the confidentiality model of the protocol...
CVE-2011-3389
CVE-2011-3389 is the BEAST information-disclosure vulnerability in TLS/SSL CBC-mode encryption, allowing a network attacker to glean plaintext headers under certain configurations (e.g., when CBC with chained IVs is used and the attacker can inject/observe traffic). The connected documents show m...
Automated HTTPS Vulnerability Testing by Qualys SSL Labs
Automated HTTPS Vulnerability Testing by Qualys SSL Labs One of the main problems with the HTTP protocol is encrypting traffic and verifying data security. Securing the web application against any threat is very important, especially since if an attacker conducts a man-in-the-middle attack he can get all users...
should be able to login only via https
you should be able to configure JIRA to login via HTTPS. this is almost possible in 2.4.1. You can specify an https URL in security-config.xml as the login.url parameter. this makes login links from e.g. the issue view page work correctly. a slight problem here is that the session remains in the...
CVE-2002-0778
The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP...