8 matches found
EUVD-2018-11865
Malware in sbrugna...
Medium: python3-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...
USN-5587-1 curl vulnerability
Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTPS server might return a 400 Bad Request Error response. A malicious cookie host could possibly use this to cause denial-of-service...
GHSA-76X8-GG39-5JJG CherryPy Malicious cookies allow access to files outside the session directory
Directory traversal vulnerability in the getfilepath function in 1 lib/sessions.py in CherryPy 3.0.x up to 3.0.2, 2 filter/sessionfilter.py in CherryPy 2.1, and 3 filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
CherryPy Malicious cookies allow access to files outside the session directory
Directory traversal vulnerability in the getfilepath function in 1 lib/sessions.py in CherryPy 3.0.x up to 3.0.2, 2 filter/sessionfilter.py in CherryPy 2.1, and 3 filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
A week in security (January 15 – January 21)
Last week on Labs, we gave you some background information about cookies, specifically which ones to worry about and why. We also warned you about scams surrounding the Mega Millions winner, who promised to donate his money to good causes. We analyzed a cryptocurrency miner using a very old...
Router Vulnerability Puts 12 Million Home and Business Routers at Risk
More than 12 million routers in homes and businesses around the world are vulnerable to a critical software bug that can be exploited by hackers to remotely monitor users’ traffic and take administrative control over the devices, from a variety of different manufacturers. The critical vulnerabili...
Apache - httpOnly Cookie Disclosure
// Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i content var content =...