7691 matches found
Burp Suite CE 1.7.32 - 1.7.33 MITM Vulnerability - Linux
Burp Suite Community Edition is prone to a man-in-the-middle MITM vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Burp Suite CE 1.7.32 - 1.7.33 MITM Vulnerability - Windows
Burp Suite Community Edition is prone to a man-in-the-middle MITM vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
Design/Logic Flaw
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...
CVE-2018-1153
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...
CVE-2018-1153
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...
CVE-2018-1153
Burp Suite Community Edition 1.7.32–1.7.33 has a server TLS certificate validation flaw in some HTTPS requests, enabling a network MITM to modify or view traffic. This is tracked as CVE-2018-1153 (NVD shows CVSSv3 7.4 HIGH / CVSSv2 5.8 MEDIUM; attack vector NETWORK; high impact to confidentiality...
Security Bulletin: Security vulnerabilities have been identified in OpenSSL shipped with IBM Tivoli Network Manager IP Edition(CVE-2016-7055, CVE-2017-3731, CVE-2017-3732)
Summary OpenSSL is shipped with Tivoli Network Manager IP Edition. Information about security vulnerabilities affecting OpenSSL have been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-3731 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an...
Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products.
Summary Multiple browsers could allow a remote attacker to obtain sensitive information, caused by the failure to consider the role of the TCP congestion window in providing information about content length by the HTTPS protocol or by the HTTP/2 protocol. By visiting a Web site owned by a malicio...
Security Bulletin: Security Vulnerability in IBM Maximo Asset Management (CVE-2015-1951) allows cacheable HTTPS response
Summary A vulnerability in Maximo Asset Management could allow an attacker to obtain sensitive information which is stored in a local cache. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization,...
Security Bulletin: IBM Tivoli Network Manager IP Edition V39 Fix Pack 4 HTTPS support for Perl Collector install is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470)
Summary Security vulnerabilities have been discovered in OpenSSL 9.7d package that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/T...
Security Bulletin: Security Vulnerability in Apache Axis affects IBM WebSphere Dashboard Framework (CVE-2014-3596)
Summary There is an insecure certificate validation CVE-2014-3596 in Apache Axis which is bundled with IBM WebSphere Dashboard Framework. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache Axis which can be used to make web service requests. A vulnerability in Ax...
Security Bulletin: Vulnerability in SSLv3 affects WebSphere Lombardi Edition (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in WebSphere Lombardi Edition. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: WebSphere Lombardi Edition could allow a remote attacker t...
Unspecified vulnerability in https-proxy-agent
https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent. An attacker can exploit this vulnerability to cause a denial of service and disclose memory...
https-proxy-agent memory leak vulnerability
https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent versions prior to 2.1.1, which stems from a failure of the program to perform proper filtering. An attacker can exploit this vulnerability by submitting input e.g. JSON to the...
GNU Wget: Cookie injection
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description A vulnerability was discovered in GNU Wget’s respnew function which does not validate \r\n sequences in continuation lines. Impact A remote attacker...
CVE-2018-5113
The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox 58...
CVE-2017-7835
Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...
CVE-2017-7835
Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
CVE-2016-9071
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox 50...