MiracleLinux 7 : httpd24-nghttp2-1.7.1-7.el7, httpd24-curl-7.61.1-1.el7, httpd24-httpd-2.4.34-7.el7 (AXSA:2019-3739:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3739:01 advisory. httpd: Improper handling of headers in modsession can allow a remote user to modify session data for CGI applications CVE-2018-1283 httpd: Out of...

CVE-2022-23131

In the case of instances where the SAML SSO authentication is enabled non-default, session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to...

Microsoft Windows Schannel TLS Three Times Handshake Vulnerability

Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. Microsoft Schannel or Secure Channel is one of the Security Support Providers SSPs that implements the Secure Socket Layer SSL and Transport Layer Security TLS protocols and provides authentication...

CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...