69 matches found
Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
UBUNTU-CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
Security update for MozillaFirefox, mozilla-nss (important)
This update to Mozilla Firefox 47 fixes the following issues boo983549: Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free deletin...
HULK - Web Server DoS Tool
HULK is a web server denial of service tool DDoS Tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool. The Hulk Web server is a brainchild of Barry...
CVE-2013-4959
CVE-2013-4959 : Puppet Enterprise before 3.0.1 exposes HTTP responses without a no-cache header, enabling local users to retrieve sensitive data via browser cache. Affected: Puppet Enterprise prior to 3.0.1. Impact as described: potential leakage of host name, MAC address, and SSH keys. CVSS 2.0 ...
Provide HTTP headers for the content that absolutely must not be cached on the client
We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma: no-cache We have identified some files at the following path, where we need to provide above headers. We are not able to identify the jsp pages or servlet, so that we can...
Firefox directives to not cache pages ignored
Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...
CVE-2008-2143
CVE-2008-2143 affects unspecified Microsoft Outlook Web Access (OWA) versions. The underlying issue is that OWA uses Cache-Control: no-cache instead of no-store, which may allow browsers following RFC-2616 to cache sensitive information. Impact is potential exposure of cached data; no exploitatio...