Analysis blog of a 0-day vulnerability that has no CVE ID assigned to it
publish by @leo.granda
08 Apr 2024
#vuln_with_no_assigned_CVE
Fixing the HSTS Missing From HTTPS Server
by @leo.granda
08 Apr 2024
#vuln_with_no_assigned_CVE
Analysis blog of a 0-day vulnerability that has no CVE ID assigned to it
publishFixing the HSTS Missing From HTTPS Server
OS
UL
Ubuntu LinuxCanonical
25.04.*
25.04.*
24.04.*
23.04.*
23.04.*
22.04.*
22.04.*
22.04.*
20.04.5.*
21.04.*
Windows ServerMicrosoft
2022.2009
2022.*
2022.*
20H2.*
*.*
1803.*
1709.*
2016.1803
2016.*
2016.1709
Apps
IISMicrosoft
10.0.25393.1.*
10.0.25381.1.*
10.0.22621.1778.*
10.0.19041.2965.*
10.0.25357.1.*
10.1363055442.*
10.1284167426.*
10.1375817810.*
10.699807250.*
10.1381788898.*
AHS
Apache HTTP ServerApache
*.*
2.4.10.*
2.4.8.*
2.4.4.*
2.4.2.*
2.4.5.*
2.4.3.*
2.4.6.*
2.4.1.*
2.2.11.*
PoC video
Summary
Mitigating the remote web server that is not enforcing HSTS, as defined by RFC 6797.
general
Description
@leo.granda
18 posts
Total vcoins
0
Comments (0)