2 matches found
GHSA-FMG4-X8PW-HJHG Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard "" while also having the Access-Control-Allow-Credentials set to true...
Lob: HTTP Request Smuggling on vpn.lob.com
Hi , vpn.lob.com is vulnerable to CL TE Front end server uses Content-Length , Back-end Server uses Transfer-encoding HTTP request smuggling attack. Steps to reproduce 1. Run the burp suite turbo intruder on the following request POST /auth/session HTTP/1.1 Host: vpn.lob.com User-Agent: Mozilla/5...