Lucene search
+L

85 matches found

RedHat Linux
RedHat Linux
added 2022/11/21 12:43 p.m.7 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 12:40 p.m.8 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 12:35 p.m.6 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 11:35 a.m.5 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/11/21 12:0 a.m.24 views

AlmaLinux 8 : thunderbird (ALSA-2022:8547)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8547 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with...

9.8CVSS7.8AI score0.01061EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2022/11/16 11:26 a.m.61 views

CVE-2022-45411

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS2.3AI score0.00575EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2022/11/16 12:0 a.m.56 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

6.1CVSS6.9AI score0.00575EPSS
Exploits0References6
OSV
OSV
added 2022/11/16 12:0 a.m.11 views

UBUNTU-CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

6.1CVSS6.9AI score0.00575EPSS
Exploits0References7
OSV
OSV
added 2022/05/24 5:40 p.m.15 views

GHSA-9PGX-PF36-W46R CakePHP allows method override parameters to bypass CSRF checks

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...

8.8CVSS8.6AI score0.006EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:40 p.m.31 views

CakePHP allows method override parameters to bypass CSRF checks

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...

8.8CVSS8.5AI score0.006EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/05 12:29 a.m.8 views

GHSA-6W62-83G6-RFHJ Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware

node-connect before 2.8.2 has cross site scripting in Sencha Labs Connect middleware vulnerability due to incomplete fix for CVE-2013-7370 Overview Connect is a stack of middleware that is executed in order in each request. The "methodOverride" middleware allows the http post to override the meth...

6.1CVSS5.4AI score0.01435EPSS
Exploits0References11
CVE
CVE
added 2021/06/16 9:45 p.m.77 views

CVE-2021-32691

CVE-2021-32691 affects Apollos Apps prior to v2.20.0, where new user registrations can access anyone’s account using only basic profile information (name, birthday, gender, etc.). This grants access to all app functionality and Rock-based links (e.g., giving, events). A patch exists in v2.20.0. A...

9.8CVSS9AI score0.01458EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2021/04/10 7:53 p.m.48 views

GitLab: Cache poisoning Denial of Service affecting assets.gitlab-static.net

Summary Hi, Gitlab.com is hosting JS and CSS on https://assets.gitlab-static.net/ and uses them on gitlab.com/ The static files seem to be stored on a gcp host, which by default accepts the x-http-method-override header. Since the CDN is using Varnish to cache files, I was able to combine the GCP...

6.7AI score
Exploits0
NVD
NVD
added 2021/01/26 6:15 p.m.19 views

CVE-2020-35239

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...

8.8CVSS8.7AI score0.006EPSS
Exploits0References1
OSV
OSV
added 2021/01/26 6:15 p.m.18 views

CVE-2020-35239

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...

8.8CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2021/01/26 6:15 p.m.16 views

Cross site request forgery (csrf)

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...

6.8CVSS8.6AI score0.006EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2021/01/26 6:15 p.m.250 views

CVE-2020-35239

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...

8.8CVSS7.2AI score0.006EPSS
Exploits0References3
OSV
OSV
added 2021/01/26 6:15 p.m.6 views

UBUNTU-CVE-2020-35239

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...

8.8CVSS5.9AI score0.006EPSS
Exploits0References4
CVE
CVE
added 2021/01/20 11:37 p.m.58 views

CVE-2020-35239

CVE-2020-35239 affects CakePHP 4.0.x–4.1.3. The CsrfProtectionMiddleware allows method override parameters to bypass CSRF checks by changing the HTTP method to an arbitrary string not in the allowed list, and the route middleware does not verify that this overridden method is an actual HTTP metho...

8.8CVSS8.5AI score0.006EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2021/01/20 11:37 p.m.53 views

CVE-2020-35239

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...

8.8CVSS8.7AI score0.006EPSS
Exploits0
Rows per page
Query Builder