How severe is CVE-2019-9803?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2019-9803?

This is classified as CWE-346, which is a common weakness in software security.

CVE-2019-9803 - HIGH Severity | CVSS 7.4

Vulnerability Description

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox < 66.

Related Vulnerabilities

CVE-2019-7399

HIGH

CVSS:7.4(High)

Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.

CWE-3462019

CVE-2019-9764

HIGH

CVSS:7.4(High)

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actu...

CWE-3462019

CVE-2024-11602

HIGH

CVSS:7.4(High)

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins...

CWE-3462024

CVE-2024-1249

HIGH

CVSS:7.4(High)

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in secon...

CWE-3462024

CVE-2024-28883

HIGH

CVSS:7.4(High)

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software vers...

CWE-3462024

CVE-2024-7819

HIGH

CVSS:7.4(High)

A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs due to improper validati...

CWE-3462024