Downloads Resources over HTTP in serc.js

Affected versions of serc.js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

serc.js remote code execution vulnerability

serc.js is a Selenium RC Process Wrapper A security vulnerability exists in serc.js, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing the requested executabl...

Man-in-the-Middle (MitM)

serc.js is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the netwo...

CVE-2016-10678

serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or...

CVE-2016-10678

CVE-2016-10678 involves the serc.js Selenium RC process wrapper, which downloads binary resources over HTTP. The underlying issue is that unencrypted HTTP allows an attacker with a privileged network position to perform a MITM and swap the requested binary with a malicious copy, potentially enabl...