How severe is CVE-2024-1509?

The severity of CVE-2024-1509 has not been assessed with CVSS v3.

CVE-2024-1509

NONE

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only comm

Publicado: 2/28/2025Actualizado: 2/28/2025

Descripción

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Análisis IAImpulsado por IA

Referencias

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428