7691 matches found
CVE-2021-35227
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available...
Design/Logic Flaw
CVE-2021-35227
CVE-2021-35227 affects SolarWinds ARM with RabbitMQ Plugin on version 2020.2.6, where the HTTP interface was enabled and HTTPS configuration was unavailable. The issue arises from exposing an HTTP management interface without HTTPS configuration. CVSS data in sources show a high impact (CVSS3.1 b...
[ASA-202110-6] nodejs-lts-erbium: multiple issues
Arch Linux Security Advisory ASA-202110-6 ========================================= Severity: High Date : 2021-10-21 CVE-ID : CVE-2021-22939 CVE-2021-22940 CVE-2021-22959 CVE-2021-22960 Package : nodejs-lts-erbium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2285...
OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...
CVE-2021-35666
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OSSL Module. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful...
Node.js Multiple Vulnerabilities (August 2021 Security Releases)
The version of Node.js installed on the remote host is prior to 12.22.5 or 14.17.5 or 16.6.2. It is, therefore, affected by multiple vulnerabilities including the following: - A remote command execution vulnerability exists in Node.js due to insufficient validation of untypical characters in doma...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in tsolucio/corebos
Description: Session cookie is not marked with 'Secure'. Proof of Concept: Log in to the demo page http://demo.corebos.com/index.php?action=index&module=Home, open Firefox developer tools - Storage - check the Secure column...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
Description: The secure flag is not set for the session cookie in the application. Proof of Concept: Check this for PoC: [image]. Impact: If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in craigk5n/webcalendar
Description: Session cookie is not marked with 'Secure'. Proof of Concept: Log in to the demo page http://webcalendar.sourceforge.net/demo/, open Firefox developer tools - Storage - check the Secure column...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in frontaccountingerp/fa
Description: The secure flag is not set for the session cookie "PHPSESSID" in the application. Proof of Concept: Check this for PoC: [image]. Impact: If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing...
CVE-2021-3882
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...
CVE-2021-3882 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...
CVE-2021-3882
LedgerSMB CVE-2021-3882 concerns the Secure attribute on the session authorization cookie. The vulnerability arises when LedgerSMB servers behind a reverse proxy respond to unencrypted HTTP; an attacker who can observe traffic and trick a user into using HTTP could obtain the authentication cooki...
CVE-2019-14888
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial of Service (DoS) that makes the service unavailable over SSL. Mitigation: enable HTTP/2 (enable-http2="true") in Undertow's HTTPS listener settings...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in siwapp/siwapp
Description: The Secure flag is not implemented on the application. Proof of Concept: https://drive.google.com/file/d/1IOglL2LBh8CnvJUI0tRJw2wCJ8ugnws/view Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...