Showing 1 - 4 of 4

CVE-2023-45289

Status Candidate

Overview

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.

Related Files

Red Hat Security Advisory 2024-2096-03: Posted Jul 11, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-2096-03 - Moderate: Logging for Red Hat OpenShift - 5.9.1.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-45289; SHA-256 | b1da92ef4236fd816a8ea918eafff23fe20f4e61db11341b28a584844f50f0fa; Download | Favorite | View

Ubuntu Security Notice USN-6886-1: Posted Jul 9, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6886-1 - It was discovered that the Go net/http module did not properly handle the requests when request\'s headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Go net/http module did not properly validate the subdomain match or exact match of the initial domain. An attacker could possibly use this issue to read sensitive information. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.; tags | advisory, web, denial of service; systems | linux, ubuntu; advisories | CVE-2023-45288, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24788, CVE-2024-24789, CVE-2024-24790; SHA-256 | 66197d055fed6c97073d4c955f114f48acbb90bca8321f4984ae151d375a3e75; Download | Favorite | View

Red Hat Security Advisory 2024-4028-03: Posted Jun 21, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-4028-03 - Red Hat OpenShift Serverless version 1.33.0 is now available.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-45289; SHA-256 | 18936089dab181646e245fd01233c39bed0174b2a3515e0c2fbdb3be2596dc44; Download | Favorite | View

Red Hat Security Advisory 2024-3790-03: Posted Jun 11, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-3790-03 - OpenShift API for Data Protection 1.3.2 is now available. Issues addressed include a memory exhaustion vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-45289; SHA-256 | 98d713f1f787e58dbba56e0b5faf41492d3395dcf16382f49129632c168cdadd; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 226 files
Ubuntu 86 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,374)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,287)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,660)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

CVE-2023-45289

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems