CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVE-2015-0651
https://notcve.org/view.php?id=CVE-2015-0651
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. Vulnerabilidad de CSRF en la interfaz gráfica del usuario web en Cisco Application Networking Manager (ANM), y Device Manager (DM) en los dispositivos Cisco 4710 Application Control Engine (ACE), permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuo99753. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651 http://www.securityfocus.com/bid/72796 http://www.securitytracker.com/id/1031815 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-1196
https://notcve.org/view.php?id=CVE-2013-1196
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125. La interfaz de línea de comandos en el sistema Cisco Secure Access Control (ACS), Servicios de Identidad del motor de software, Agente de Directorio Contexto, Gerente de Redes de Aplicaciones (ANM), Sistema de Control de Red Prime, LAN Management Solution Prime (LMS), Prime Collaboration, Provisioning Manager Unificado , Network Services Manager, el primer Data Center Network Manager (DCNM) y Quad no validan correctamente la entrada, lo que permite a usuarios locales obtener privilegios de root a través de vectores no especificados. Vulnerabilidad también conocida como Bug ID CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416 , CSCug29418, CSCug29422, CSCug29425 y CSCug29426. Se trata de una cuestión diferente que CVE-2013-1125. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196 • CWE-20: Improper Input Validation •
CVE-2013-1125
https://notcve.org/view.php?id=CVE-2013-1125
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042. La interfaz en línea de comandos en Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, y Network Services Manager no validan correctamente las entradas, lo que permite a usuarios locales obtener privilegios de root mediante vectores no especificados, también conocido como Bugs IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125 • CWE-20: Improper Input Validation •
CVE-2009-0616
https://notcve.org/view.php?id=CVE-2009-0616
Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation." Cisco Application Networking Manager (ANM) en versiones anteriores a la 2.0 utiliza nombres de usuario y contraseñas por defecto, lo que facilita el acceso a los atacantes remotos a la aplicacion, o causar una denegación de servicio a través de cambios de configuración. Se trata de un asunto relacionado con "las credenciales de usuario por defecto durante la instalación." • http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml http://www.securityfocus.com/bid/33903 http://www.securitytracker.com/id?1021771 • CWE-255: Credentials Management Errors •