CVE-2024-45397 H2O alllows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVE-2024-45397

Technical details (affected versions, fixes, and exploit info) are not provided in the supplied documents. Monitor for updates from vendors and security advisories.

Nextcloud: Bruteforce protection in password verification can be bypassed

A vulnerability was found where the IP address used for brute force protection in Nextcloud server could be bypassed by adding a valid X-Forwarded-For header. This allowed an attacker to bypass the brute force protection and brute force login credentials...

Easy VPN Transition With Zero Trust Access

Akamai recently announced Enterprise Application Access capabilities designed to improve performance and user experience, as well as provide an easy migration away from VPN, reducing complexity and risk. The new capabilities -- IP address-based access, on-premises network detection, and captive...