7686 matches found
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl < v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is...
CVE-2022-4492
The undertow client is not checking the server identity presented by the server certificate in HTTPS connections. This is a compulsory step; at least it should be performed by default in HTTPS and in HTTP/2. I would add it to any TLS client protocol...
Default credentials
The undertow client is not checking the server identity presented by the server certificate in HTTPS connections. This is a compulsory step; at least it should be performed by default in HTTPS and in HTTP/2. I would add it to any TLS client protocol...
Design/Logic Flaw
A cleartext transmission of sensitive information vulnerability exists in curl < v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
CVE-2023-23915
CVE-2023-23915 affects multiple packages (e.g., rust 1.59.0-1, mysql 8.0.32-1, cmake 3.21.4-3; affected ranges tensorflow <2.16.1-1, rust <1.72.0-2, cmake <3.28.2-1); updated builds (e.g., cmake >=3.28.2-1, mysql >=8.0.33-1) resolve the issue. The initial curl CVE description documents a separate HST...
CVE-2022-4492
CVE-2022-4492 is linked to Undertow: the undertow client does not verify the server identity presented by the server certificate in HTTPS connections, a TLS-level check that should be performed by default. This can enable weaknesses in TLS client verification and potential MITM scenarios. Connect...
Curl Cleartext Information Disclosure < 7.87 (CVE-2022-43551)
The version of Curl installed on the remote host is prior to 7.87.0. It is therefore affected by an information disclosure vulnerability where the HSTS mechanism could be bypassed to trick curl to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an...
CVE-2023-23914
CVE-2023-23914 affects curl before 7.88.0, related to cleartext transmission and HSTS handling. The issue occurs when multiple URLs are requested serially on the same command line, where the HSTS state may not be carried forward, causing curl to unexpectedly use insecure HTTP despite HTTPS in the...
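The HSTS failure mode behind the curl entries above (CVE-2023-23914 on this line and the HSTS bypass in the CVE-2022-43551 plugin entry) is easier to see with a minimal HSTS cache. The following is an added example, not curl's code: it parses Strict-Transport-Security, upgrades later plaintext URLs, and simulates several URLs handled serially on one command line with the cache either shared across transfers (correct) or reset per transfer (the bug). The RESPONSES table, the example.com hosts and the function names are constructed for the demonstration.

```python
"""Added example (not curl's code): why HSTS state must be carried across
serial transfers on one command line."""
import time
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


def parse_sts_header(value: str) -> Optional[dict]:
    """Parse a Strict-Transport-Security value; None if max-age is missing/invalid
    (RFC 6797 says such headers are ignored)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    try:
        max_age = int(directives["max-age"])
    except (KeyError, ValueError):
        return None
    if max_age < 0:
        return None
    return {"max_age": max_age, "include_subdomains": "includesubdomains" in directives}


class HstsCache:
    """Known-HSTS-hosts store: host -> (expiry, includeSubDomains)."""

    def __init__(self, now=time.time):
        self._entries: Dict[str, Tuple[float, bool]] = {}
        self._now = now

    def update(self, host: str, header_value: str) -> None:
        parsed = parse_sts_header(header_value)
        if parsed is None:
            return
        if parsed["max_age"] == 0:          # max-age=0 revokes the policy
            self._entries.pop(host.lower(), None)
            return
        self._entries[host.lower()] = (self._now() + parsed["max_age"],
                                       parsed["include_subdomains"])

    def is_known(self, host: str) -> bool:
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry <= self._now():
                continue                    # expired policy
            if i == 0 or include_sub:       # exact host, or parent with includeSubDomains
                return True
        return False

    def upgrade(self, url: str) -> str:
        """Rewrite http:// to https:// for known hosts, otherwise return url unchanged."""
        p = urlsplit(url)
        if p.scheme == "http" and self.is_known(p.hostname or ""):
            return urlunsplit(("https", p.netloc, p.path, p.query, p.fragment))
        return url


# Constructed server responses (headers only), keyed by the URL actually fetched.
RESPONSES = {
    "https://example.com/login": {"strict-transport-security": "max-age=31536000; includeSubDomains"},
}


def run_serial(urls: List[str], share_state: bool) -> List[str]:
    """Simulate several URLs on one command line; return the URLs actually used.

    share_state=False models the CVE-2023-23914 behaviour: each transfer starts
    with an empty cache, so the policy learned by an earlier transfer is forgotten.
    """
    cache = HstsCache()
    used = []
    for url in urls:
        if not share_state:
            cache = HstsCache()
        target = cache.upgrade(url)
        used.append(target)
        sts = RESPONSES.get(target, {}).get("strict-transport-security")
        if sts and target.startswith("https://"):   # STS is only trusted over TLS
            cache.update(urlsplit(target).hostname, sts)
    return used


if __name__ == "__main__":
    urls = ["https://example.com/login", "http://example.com/next", "http://api.example.com/data"]
    print("shared state :", run_serial(urls, True))
    print("state reset  :", run_serial(urls, False))
```

With a shared cache the second and third URLs are upgraded to HTTPS; with the cache reset per transfer they go out as plaintext, which is exactly the class of downgrade the advisory describes.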
Fortinet Fortigate Arbitrary read/write vulnerability in administrative interface (FG-IR-22-391)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-391 advisory. - A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and...
K37337112: Apache Tomcat vulnerability CVE-2017-6056
Security Advisory Description It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816...
K05112543: HTTPS monitor vulnerability CVE-2018-5542
Security Advisory Description F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. CVE-2018-5542 Impact This vulnerability may allow unauthorized disclosure and modification of monitor traffic by an attacker with ...
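Both the Undertow entry (CVE-2022-4492) and this F5 monitor entry (CVE-2018-5542) come down to the same missing step: a TLS client that validates the chain but never checks that the certificate's subjectAltName matches the host it meant to reach (or skips verification entirely) will accept an on-path attacker's certificate. The following is an added example, not Undertow's or F5's code; it implements the dNSName/iPAddress matching rules a client needs, using the (type, value) SAN shape Python's ssl.getpeercert() returns, and shows the default-verifying context beside the disabled one. The SAN list and hostnames are constructed for the demonstration.

```python
"""Added example (not Undertow's or F5's code): what "checking the server
identity" means for a TLS client."""
import ipaddress
import ssl
from typing import Iterable, Tuple


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 section 6.4.3 style match of one dNSName pattern against hostname.

    A wildcard is accepted only as the entire left-most label ("*.example.com"),
    must leave at least two fixed labels, and never matches across a dot.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False                      # "*.com" and "*.example.com" vs "example.com"
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False                      # partial wildcards like "a*.example.com" rejected
    return p_labels[1:] == h_labels[1:] and h_labels[0] != ""


def verify_server_identity(san_entries: Iterable[Tuple[str, str]], expected_host: str) -> bool:
    """True if expected_host matches a SAN entry.

    san_entries uses the shape of ssl.getpeercert()["subjectAltName"], e.g.
    ("DNS", "*.example.com") or ("IP Address", "10.0.0.5"). An IP literal must
    match an iPAddress entry exactly and never matches a DNS name.
    """
    try:
        ip = ipaddress.ip_address(expected_host)
    except ValueError:
        ip = None
    for kind, value in san_entries:
        if ip is not None and kind == "IP Address":
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue
        elif ip is None and kind == "DNS" and dns_name_matches(value, expected_host):
            return True
    return False


def client_context(verify: bool = True) -> ssl.SSLContext:
    """Default context verifies the chain and the hostname. verify=False reproduces
    the defect in the two advisories: any certificate is accepted, so an on-path
    attacker can terminate the TLS session and read or modify the traffic."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED and check_hostname=True
    if not verify:
        ctx.check_hostname = False          # must be cleared before dropping verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verification_enabled(ctx: ssl.SSLContext) -> bool:
    """Quick audit of a context: both checks must be on to count as verifying."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


# Constructed SAN list, as a certificate for a monitored backend might carry.
CONSTRUCTED_SAN = (("DNS", "*.example.com"), ("DNS", "example.com"), ("IP Address", "10.0.0.5"))

if __name__ == "__main__":
    for host in ("www.example.com", "example.com", "10.0.0.5", "attacker.test", "10.0.0.6"):
        print(host, "->", verify_server_identity(CONSTRUCTED_SAN, host))
    print("default context verifies:", verification_enabled(client_context()))
    print("verify=False context verifies:", verification_enabled(client_context(False)))
```

In real code let the library do this (Python's default context, Java's HostnameVerifier on an HttpsURLConnection, or Undertow's own SSL options) rather than re-implementing it; the point of the hand-written matcher is to make visible which check the two advisories say was missing.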
K15406: HTTP cookie vulnerability CVE-2004-0462
Security Advisory Description The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server. CVE-2004-0462 Impact A...
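The cookie issue above is a user-agent rule rather than a server bug in the usual sense: a cookie set over HTTPS without the Secure attribute is eligible for every later request to the same host, including plaintext ones. The following is an added example, not F5's or any device vendor's code: it parses Set-Cookie headers, shows which cookies a user agent would attach to an http:// versus https:// request to the same host, and provides the audit check a scanner would run. The header values, cookie names and host are constructed for the demonstration.

```python
"""Added example (not vendor code): why a Secure-less cookie set over HTTPS
leaks on the next plaintext request to the same host."""
from dataclasses import dataclass
from typing import Dict, Iterable, List
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool
    http_only: bool


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie value: name=value followed by ';'-separated attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return Cookie(name.strip(), value.strip(), "secure" in attrs, "httponly" in attrs)


def cookies_sent_to(jar: Dict[str, Cookie], url: str) -> List[str]:
    """Cookie names a user agent would include for url (same host assumed).

    Per RFC 6265 a cookie with the Secure attribute is only sent over a
    'secure' channel; everything else is sent over plain HTTP too.
    """
    scheme = urlsplit(url).scheme
    return [c.name for c in jar.values() if not c.secure or scheme == "https"]


def audit_set_cookie_headers(headers: Iterable[str],
                             sensitive_names=("sessionid", "auth", "token")) -> List[str]:
    """Names of sensitive cookies lacking Secure: the CVE-2004-0462 class of finding."""
    findings = []
    for h in headers:
        c = parse_set_cookie(h)
        if c.name.lower() in sensitive_names and not c.secure:
            findings.append(c.name)
    return findings


# Constructed Set-Cookie headers, as if received from https://device.example/ (not captured traffic).
CONSTRUCTED_HEADERS = [
    "sessionid=0123456789abcdef; Path=/; HttpOnly",        # sensitive, Secure missing
    "auth=deadbeef; Path=/; Secure; HttpOnly",             # sensitive, correctly flagged Secure
    "theme=dark; Path=/",                                   # not sensitive
]


def build_jar(headers: Iterable[str]) -> Dict[str, Cookie]:
    return {c.name: c for c in map(parse_set_cookie, headers)}


if __name__ == "__main__":
    jar = build_jar(CONSTRUCTED_HEADERS)
    print("sent over https:", cookies_sent_to(jar, "https://device.example/"))
    print("sent over http :", cookies_sent_to(jar, "http://device.example/"))
    print("findings       :", audit_set_cookie_headers(CONSTRUCTED_HEADERS))
```

The audit is intentionally name-based; in practice extend the sensitive list to whatever your application uses for session or authentication state, and treat every Secure-less hit on an HTTPS-only service as a finding.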
K14363514: OpenSSL vulnerability CVE-2017-3736
Security Advisory Description There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perfo...