CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5710
https://notcve.org/view.php?id=CVE-2016-5710
10 Feb 2020 — NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. NetApp Snap Creator Framework versiones anteriores a 4.3P1, permite a usuarios autenticados remotos llevar a cabo ataques de secuestro de cliqueo por medio de vectores no especificados. • https://kb.netapp.com/support/s/article/cve-2016-5710-clickjacking-vulnerability-in-snap-creator-framework • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2017-7657 – jetty: HTTP request smuggling
https://notcve.org/view.php?id=CVE-2017-7657
26 Jun 2018 — In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrar... • http://www.securitytracker.com/id/1041194 • CWE-190: Integer Overflow or Wraparound CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5372
https://notcve.org/view.php?id=CVE-2016-5372
07 Feb 2017 — Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. Vulnerabilidad de CSRF en NetApp Snap Creator Framework en versiones anteriores a 4.3.0P1 permite a atacantes remotos secuestrar la autenticación de usuarios para peticiones que tienen un impacto no especificado a través de vectores desconocidos. • https://kb.netapp.com/support/s/article/cve-2016-5372-cross-site-request-forgery-vulnerability-in-snap-creator-framework • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7172
https://notcve.org/view.php?id=CVE-2016-7172
21 Dec 2016 — NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. NetApp Snap Creator Framework en versiones anteriores a 4.3.1 revela información sensible que pude ser vista por un usuario no autorizado. • http://www.securityfocus.com/bid/95069 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •