what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2023-43804

Status Candidate

Overview

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

Related Files

Red Hat Security Advisory 2024-2986-03
Posted May 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2986-03 - An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-43804
SHA-256 | 08ed02316d62fcb12a540a8e8b805b46b24631d7364f0c65724de7e46172db21
Red Hat Security Advisory 2024-2159-03
Posted Apr 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2159-03 - An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-43804
SHA-256 | 2563e6c51fc67c164806b2f81ccba97acbe7c2198cbe9c24f428d50d527c86aa
Red Hat Security Advisory 2024-0733-03
Posted Feb 8, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0733-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-43804
SHA-256 | 4301b07bb66daa9946bd86b703da53703cd2aa1f73cce22018efee7abd5e089c
Red Hat Security Advisory 2024-0588-03
Posted Jan 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0588-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-43804
SHA-256 | 6436a3c69d590a691ed1868695481dfc85517b642342b841f4c555390078c3cf
Red Hat Security Advisory 2024-0464-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0464-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-43804
SHA-256 | 5e2d7a5624f97d20a6d70a2a3e5fdb17bfba7509f3c18063065f005ae58cf9e0
Red Hat Security Advisory 2024-0300-03
Posted Jan 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0300-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-43804
SHA-256 | 4412f703d959c59aa8a60d7a59b5e7a78dd01b8efcff48d6555296c3f35bf621
Red Hat Security Advisory 2024-0187-03
Posted Jan 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0187-03 - An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-43804
SHA-256 | 8e1421985532ad8e1d11f068e41a4734b585834979ff14b07a660556dcbbeb52
Red Hat Security Advisory 2024-0116-03
Posted Jan 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0116-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-43804
SHA-256 | fd2c8bfc67a3e07392cef03e362ea958e674fd843b502d634d027b50facbd991
Ubuntu Security Notice USN-6473-2
Posted Nov 15, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6473-2 - USN-6473-1 fixed vulnerabilities in urllib3. This update provides the corresponding updates for the urllib3 module bundled into pip. It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

tags | advisory, remote, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-25091, CVE-2023-43804, CVE-2023-45803
SHA-256 | 31f113322b019e54154cd30f2be05b8d4ca103f178cbdd5efa89e9a2ef3e0838
Ubuntu Security Notice USN-6473-1
Posted Nov 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6473-1 - It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that urllib3 didn't strip HTTP Cookie header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2018-25091, CVE-2023-43804, CVE-2023-45803
SHA-256 | 01c8788f56d352f691cc6e76bb162b2e9e247c8c99c3c08204defa5099ea0fa8
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close