Apple Security Advisory 2014-05-15-2 - iTunes 11.2 is now available and addresses a credential interception issue. Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines.
61a6ffe4d28038e15d2ed5fb6190c43e5f79c5aed85e8922f69a2ec5931e12cbUPS Web/SNMP-Manager CS121 by Generex comes in with a default enabled "service"-port, that makes it possible to bypass any specified login for HTTP(s), snmp or telnet.
4bd1c3577ab09b7e5e33f32952b9014f9f0a435701fd9a44164f65c1033552a0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed