Downloads Resources over HTTP in selenium-portal

Affected versions of selenium-portal insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

selenium-portal remote code execution vulnerability

selenium-portal is a Node.js based on the use of JavaScript to write Selenium test program tools . A security vulnerability exists in selenium-portal, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerabilit...

Man-in-the-Middle (MitM)

selenium-portal is susceptible to man-in-the-middle MitM attacks. The attacker can download binary resources via HTTP, allowing MitM attacks. Since the attacker can replace the requested binary with its controlled binary if the attacker is on the network or positioned in between the user and the...

CVE-2016-10667

selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on th...

CVE-2016-10667

CVE-2016-10667 affects the Node.js/selenium-portal package: it downloads binary resources over HTTP, leaving it vulnerable to a network-based MITM that could swap the requested resource with a malicious copy and cause remote code execution. The incident is documented across multiple feeds (NVD, G...

Downloads Resources over HTTP

Overview Affected versions of selenium-portal insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...