1359 matches found
CVE-2016-0297
CVE-2016-0297 affects IBM Tivoli Endpoint Manager (Mobile Device Management). The root cause is a missing HTTP Strict-Transport-Security header, which could enable man-in-the-middle attackers to obtain sensitive information. The provided documents do not specify affected versions, exploit details...
CVE-2016-8966
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...
http-hsts-verify NSE Script
Verify that HTTP Strict Transport Security is enabled. HTTP Strict-Transport-Security HSTS RFC 6797 forces a web browser to communicate with a web server over HTTPS. This script examines HTTP Response Headers to determine whether HSTS is configured. References:...
Multiple IBM Security Access Manager Product Information Disclosure Vulnerabilities
IBM Security Access Manager ISAM and others are products of IBM Corporation in the U.S. ISAM is a security access manager; IBM Security Access Manager for Web is a solution that provides mobile access security through a modular software package. An information disclosure vulnerability exists in a...
PT-2016-3150 · Apache +5 · Apache Http Server +5
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.2.32 and 2.4.25 Description: The issue is related to the improper handling of data by the Apache HTTP Server, which was liberal in accepting whitespace from requests and sending it in response lines and...
CVE-2015-8967
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access...
Design/Logic Flaw
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access...
CVE-2015-8967
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access...
HP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy)
According to its banner, the version of HP System Management Homepage SMH hosted on the remote web server is prior to 7.6. It is, therefore, affected by the following vulnerabilities : - A heap buffer overflow condition exists in OpenSSL in the EVPEncodeUpdate function within file...
Sucuri: [backups*.sucuri.net] CRLF Injection
Hi, I found the same vulnerability like in 144769 But in this case, the exploitation is more complicated due to the fact being used Strict-Transport-Security. Exploitation is only possible if the user had not previously visited site backups.sucuri.net before. PoC any browser except FireFox:...
IBM Security Guardium Database Activity Monitor Man-in-the-Middle Attack Vulnerability
IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. IBM Security Guardium Database Activity Monitor suffers from a...
CVE-2016-0240
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP...
IBM Sterling Secure Proxy Configuration Manager Information Disclosure Vulnerability
IBM Sterling Secure Proxy SSP is an unprotected zone DMZ-based application proxy from IBM USA that protects file transfers from the public Internet.Configuration Manager is one of the configuration management components. An information disclosure vulnerability exists in Configuration Manager in I...
CVE-2016-6027
The Configuration Manager in IBM Sterling Secure Proxy SSP 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP...
The vulnerability of Google Chrome’s browser allows a hacker to determine which website was visited using an HSTS connection.
The vulnerability of the CSPSource::schemeMatches function WebKit/Source/core/frame/csp/CSPSource.cpp in the CSP component of the Blink browser Google Chrome is related to errors in applying security policies designed for http and ws protocols to secure https and wss protocols. Exploiting this...
SSL/TLS: HTTP Strict Transport Security (HSTS) Detection
Checks if the remote web server has HTTP Strict Transport Security HSTS enabled. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SSL/TLS: `preload` Missing in HSTS Header
The remote web server is missing the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.105878";...
SSL/TLS: `includeSubDomains` Missing in HSTS Header
The remote web server is missing the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.105877";...
SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
The remote web server is not enforcing HTTP Strict Transport Security HSTS. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Adds New Layer of Security to Domain: Adds HSTS
Google is adding HTTP Strict Transport Security or HSTS to the Google.com domain, an extra layer of protection that prevents visitors from using a less secure HTTP connection. By using HSTS, visitors following HTTP links to Google.com will be automatically redirected to the more secure HTTPS...