3dcyber (4)

Last Login: March 22, 2024
Assessments
2
Score
4

3dcyber's Latest (2) Contributions

Sort by:
Filter by:
1
Ratings
Technical Analysis

This vulnerability causes a denial of service in applications that use the moment library in the vulnerable versions.

  • When it is a javascript application on node.js, the impact of the vulnerability is greater.

  • When the application only loads or uses the library on the frontend, the impact is less since the denial of service is local to the browser.

1
Ratings
Technical Analysis

This vulnerability affects HAProxy and does not require prior authentication as indicated by the CVSS score. Hopefully there is an update to the CVSS.

This vulnerability allows RCE when HTTP2 is enabled on HAProxy. There is a PoC exploit created by the researcher who discovered the vulnerability.

Note that in some solutions HTTP2 on HAProxy may be enabled by default.

To defend against this vulnerability:

  • HAproxy patches can be applied.
  • As workaroud you can disable HTTP2.