How severe is CVE-2024-1509?

The severity of CVE-2024-1509 has not been assessed with CVSS v3.

CVE-2024-1509

NONE

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only comm

게시됨: 2/28/2025업데이트됨: 2/28/2025

설명

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

AI 분석AI 기반

참조

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428