CVE-2016-10682

HIGH Year: 2016
CVSS v3 Score
8.1
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-311
View all →

Vulnerability Description

massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Related Vulnerabilities

CVE-2016-10557

HIGH
CVSS:8.1(High)

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause ...

CWE-3112016

CVE-2016-10558

HIGH
CVSS:8.1(High)

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause...

CWE-3112016

CVE-2016-10559

HIGH
CVSS:8.1(High)

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable ...

CWE-3112016

CVE-2016-10560

HIGH
CVSS:8.1(High)

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to ca...

CWE-3112016

CVE-2016-10562

HIGH
CVSS:8.1(High)

iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause rem...

CWE-3112016

CVE-2016-10563

HIGH
CVSS:8.1(High)

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this ...

CWE-3112016