Lucene search
K

7 matches found

RedHat Linux
RedHat Linux
added 2024/12/04 8:43 p.m.3 views

rubygem-activestorage: Possible Sensitive Session Information Leak in Active Storage

A flaw was found in Active Storage that may lead to a sensitive session information leak. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs and sets Cache-Control to public. Certain proxies may cache Set-Cookie, leading to an information...

5.3CVSS5.7AI score0.01119EPSS
Exploits0References5
NVD
NVD
added 2024/06/04 2:15 a.m.27 views

CVE-2024-29976

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “showallsessions” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated attacker to obtain a logged-in administrator’s session...

6.5CVSS6.7AI score0.08954EPSS
Exploits1References2
OSV
OSV
added 2024/02/27 9:41 p.m.21 views

GHSA-8H22-8CF7-HQ6G Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References9
OSV
OSV
added 2024/02/27 3:44 p.m.27 views

CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5AI score0.01119EPSS
Exploits0References8
NVD
NVD
added 2012/03/19 9:55 p.m.12 views

CVE-2012-0328

Janetter before 3.3.0.0 aka 3.3.0 allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors...

5CVSS6.4AI score0.016EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2009/06/09 2:31 p.m.2 views

mod_jk: session information leak

The JK Connector aka modjk 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving 1 a request from a different client that included a Content-Length header but no POST dat...

2.6CVSS6AI score0.07263EPSS
Exploits2References4
Gentoo Linux
Gentoo Linux
added 2004/08/04 12:0 a.m.34 views

Courier: Cross-site scripting vulnerability in SqWebMail

Background Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser...

6.8CVSS5.4AI score0.04973EPSS
Exploits1
Rows per page
Query Builder