15 matches found
EUVD-2019-13414
Malware in sbrugna...
EUVD-2019-13415
Malware in sbrugna...
CVE-2019-3784
CVE-2019-3784 affects Cloud Foundry Stratos prior to version 2.3.0. The issue is an insecure session that can be spoofed when hosted on Cloud Foundry with multiple instances using the default embedded SQLite database, allowing a remote authenticated attacker to switch sessions to another user sh...
CVE-2019-3784 Cloud Foundry Stratos contains a Session Collision Vulnerability
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...
CVE-2019-3783
The CVE-2019-3783 entry affects Cloud Foundry Stratos prior to 2.3.0, where a public default session store secret can be brute-forced to hijack another user’s Stratos session and act on their behalf. Root cause: use of a public default session secret in deployed Stratos instances. Impact: attacke...
CVE-2019-3783 Cloud Foundry Stratos Deploys With Public Default Session Store Secret
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
CVE-2019-3783
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
CVE-2019-3783
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
Design/Logic Flaw
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...
CVE-2019-3784
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...
CVE-2019-3784
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id...
Default configuration
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
CVE-2019-3784: Stratos contains a Session Collision Vulnerability | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: Stratos, all versions prior to 2.3.0. Description: Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using...
CVE-2019-3783: Stratos Deploys With Public Default Session Store Secret | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: Stratos, all versions prior to 2.3.0. Description: Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can bru...
Threat Roundup for October 19 to October 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 19 and Oct. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...