2 matches found
CVE-2018-4015
CVE-2018-4015 affects the Webroot BrightCloud SDK used in CUJO Smart Firewall. The root cause is that the HTTP client defaults to HTTP and does not enforce secure TLS verification, enabling a man-in-the-middle to impersonate BrightCloud servers and potentially expose credentials, alter queries, o...
CVE-2018-4012
CUJO Smart Firewall is affected by CVE-2018-4012 via the Webroot BrightCloud SDK. The vulnerable component is bc_http_read_header in the BrightCloud HTTP header parsing code, which can overflow a 0x2000-byte header buffer when reading overlong headers. An unauthenticated attacker could impersonat...