{"vulnerability": "cve-2024-1509", "sightings": [{"uuid": "0f58829c-d389-4b86-b75d-22e90dc8ce98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1509", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1509\n\ud83d\udd25 CVSS Score: 7.6 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Brocade ASCG before 3.2.0 Web Interface  is not \nenforcing HSTS, as defined by RFC 6797. HSTS is an optional response \nheader that can be configured on the server to instruct the browser to \nonly communicate via HTTPS. The lack of HSTS allows downgrade attacks, \nSSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking \nprotections.\n\ud83d\udccf Published: 2025-02-28T21:52:33.870Z\n\ud83d\udccf Modified: 2025-02-28T21:52:33.870Z\n\ud83d\udd17 References:\n1. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428", "creation_timestamp": "2025-02-28T22:27:33.000000Z"}, {"uuid": "568f7b53-81cc-4105-b577-e71be5e623c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1509", "type": "seen", "source": "https://t.me/cvedetector/19189", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-1509 - Brocade ASCG Missing HSTS Configuration Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-1509 \nPublished : Feb. 28, 2025, 10:15 p.m. | 24\u00a0minutes ago \nDescription : Brocade ASCG before 3.2.0 Web Interface  is not   \nenforcing HSTS, as defined by RFC 6797. HSTS is an optional response   \nheader that can be configured on the server to instruct the browser to   \nonly communicate via HTTPS. The lack of HSTS allows downgrade attacks,   \nSSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking   \nprotections. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T23:43:21.000000Z"}]}