How severe is CVE-2024-1509?

The severity of CVE-2024-1509 has not been assessed with CVSS v3.

CVE-2024-1509

NONE

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only comm

Veröffentlicht: 2/28/2025Aktualisiert: 2/28/2025

Beschreibung

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

KI-AnalyseKI-gestützt

Referenzen

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428