The shellinabox server, while using the HTTPS protocol, allows HTTP fallback through the "/plain" URL. Upstream issue: https://github.com/shellinabox/shellinabox/issues/355 Original report: http://www.openwall.com/lists/oss-security/2015/12/02/6
Created shellinabox tracking bugs for this issue: Affects: fedora-all [bug 1287578] Affects: epel-all [bug 1287579]