CVE-2025-29314

HIGH Year: 2025
CVSS v3 Score
8.1
High
Weakness Type
CWE-311
View all →

Vulnerability Description

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack.

Related Vulnerabilities

CVE-2016-10557

HIGH
CVSS:8.1(High)

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause ...

CWE-3112016

CVE-2016-10558

HIGH
CVSS:8.1(High)

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause...

CWE-3112016

CVE-2016-10559

HIGH
CVSS:8.1(High)

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable ...

CWE-3112016

CVE-2016-10560

HIGH
CVSS:8.1(High)

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to ca...

CWE-3112016

CVE-2016-10562

HIGH
CVSS:8.1(High)

iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause rem...

CWE-3112016

CVE-2016-10563

HIGH
CVSS:8.1(High)

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this ...

CWE-3112016