在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
CVE-2017-16005 序列:2017-16005类型:CANstatus:Candidatephase:Assigned数据库:Http 漏洞描述Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature. |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论