7682 matches found
CVE-2013-3984
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
http-vuln-cve2014-2126 NSE Script
Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA ASDM Privilege Escalation Vulnerability (CVE-2014-2126). See also: http-vuln-cve2014-2127.nse, http-vuln-cve2014-2128.nse, http-vuln-cve2014-2129.nse. Script Arguments: tls.servername: See the documentation for the tls library...
CVE-2013-3984
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2013-3984
Technical details for CVE-2013-3984 are not publicly provided in the connected documents. The materials reference related issues (e.g., CVE-2014-3867) but do not disclose affected components, versions, or remediation for this CVE. Monitor for updates.
CVE-2014-3274
Cisco TelePresence System CTS 6.0.55 and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager UCM to...
Design/Logic Flaw
Cisco TelePresence System CTS 6.0.55 and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager UCM to...
Cisco Adaptive Security Appliance (ASA) SSL VPN Portal Detection (HTTP)
HTTP based detection of the SSL VPN Portal running on a Cisco Adaptive Security Appliance (ASA). SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for perl-LWP-Protocol-https FEDORA-2014-6369
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for perl-LWP-Protocol-https FEDORA-2014-6303
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 19 : perl-LWP-Protocol-https-6.04-2.fc19 (2014-6369)
This release fixes a server certification validation when a certificate authority is defined by HTTPS_CA_DIR or HTTPS_CA_FILE environment variable. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Secret: secret app for iOS and android is sending some info over HTTP
POC for android: POST /metrics HTTP/1.1 Content-Type: application/json User-Agent: Dalvik/1.6.0 Linux; U; Android 4.2.2; googlesdk Build/JBMR1.1 Host: notify.bugsnag.com Connection: Keep-Alive Accept-Encoding: gzip Content-Length: 468...
CVE-2014-3274
Cisco TelePresence System CTS 6.0(.5)(5) and earlier will fall back to HTTP if certain HTTPS sessions cannot be established, enabling a man-in-the-middle with a network position between CTS and Cisco UCM to block HTTPS and read directory information. The vulnerability (Bug ID CSCuj26326) is docum...
CVE-2014-3274
Cisco TelePresence System CTS 6.0.55 and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager UCM to...
[SECURITY] Fedora 19 Update: perl-LWP-Protocol-https-6.04-2.fc19
The LWP::Protocol::https module provides support for using HTTPS schemed URLs with LWP. This module is a plug-in to the LWP protocol handling, so you don't use it directly. Once the module is installed LWP is able to access sites using HTTP over SSL/TLS...
Symantec Workspace Streaming < 7.5 SP1 XMLRPC Request Remote Code Execution (SYM14-009)
The version of Symantec Workspace Streaming server formerly known as Altiris Streaming System installed on the remote Windows host is affected by a remote code execution vulnerability. This issue is caused by improper validation of HTTPS XMLRPC requests by the Management Agent asagent.exe...
Cisco TelePresence System Directory Information Disclosure Vulnerability
A vulnerability in the code retrieving directory information of Cisco TelePresence System CTS could allow an unauthenticated, remote attacker to intercept and read the content of a directory transferred between the CTS and the Cisco Unified Communications Manager Cisco UCM. The vulnerability is d...
Fedora 20 : perl-LWP-Protocol-https-6.04-4.fc20 (2014-6303)
This release fixes a server certification validation when a certificate authority is defined by HTTPS_CA_DIR or HTTPS_CA_FILE environment variable. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
[SECURITY] Fedora 20 Update: perl-LWP-Protocol-https-6.04-4.fc20
The LWP::Protocol::https module provides support for using HTTPS schemed URLs with LWP. This module is a plug-in to the LWP protocol handling, so you don't use it directly. Once the module is installed LWP is able to access sites using HTTP over SSL/TLS...
Facebook CSRF Tokens in Heavy Rotation to Ward off BREACH
The BREACH attack was the talk of Black Hat last summer. It was disclosed less than two months after the first Snowden leaks and helped renew focus on the security of online communication and the protocols guarding ecommerce and messaging. What BREACH did was throw a wrench into cross-site reques...
ReddAPI: Strict Transport Security Misconfiguration
URL :- https://www.reddapi.com/docs/ Description :- There was no "Strict-Transport-Security" header in the server response. Remediation detail :- A Strict-Transport-Security HTTP header should be sent with each HTTPS response. The syntax is as follows: Strict-Transport-Security: max-age=;...