4 matches found
CVE-2014-3648
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached...
Design/Logic Flaw
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached...
CVE-2014-3648
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached...
CVE-2014-3648
The CVE-2014-3648 issue concerns the simplepush server, where notifications are pushed for each registered installation using a deviceToken supplied by the user. The vulnerability arises because a bogus application can register with bad deviceTokens or point to arbitrary HTTP endpoints. This can ...