{"uuid": "0f58829c-d389-4b86-b75d-22e90dc8ce98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1509", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1509\n\ud83d\udd25 CVSS Score: 7.6 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Brocade ASCG before 3.2.0 Web Interface  is not \nenforcing HSTS, as defined by RFC 6797. HSTS is an optional response \nheader that can be configured on the server to instruct the browser to \nonly communicate via HTTPS. The lack of HSTS allows downgrade attacks, \nSSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking \nprotections.\n\ud83d\udccf Published: 2025-02-28T21:52:33.870Z\n\ud83d\udccf Modified: 2025-02-28T21:52:33.870Z\n\ud83d\udd17 References:\n1. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428", "creation_timestamp": "2025-02-28T22:27:33.000000Z"}