216.73.217.22

CVE-2024-1509

· Published 28/02/2025 22:15 · Modified 28/02/2025 22:15

Labels: CVE-2024-1509 2025-02-28CVE-2024-1509CWE-523[email protected]

Essential information

Published
28/02/2025 22:15
Modified
28/02/2025 22:15
Author
Creator
CISA KEV
No
CWE

Description

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References