1616 matches found
golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect
A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...
DLA-4158-1 fossil - HTTP client fix
Bulletin has no description...
CVE-2025-1948 Eclipse Jetty HTTP clients can increase memory allocation
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CBL Mariner 2.0 Security Update: libsoup (CVE-2025-32914)
The version of libsoup installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32914 advisory. - A flaw was found in libsoup, where the soup_multipart_new_from_message function is vulnerable to an out-...
RHEL 8 : libsoup (RHSA-2025:4538)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4538 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Out of bounds reads in...
RHEL 8 : libsoup (RHSA-2025:4560)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4560 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Integer overflow in append_param_quoted...
Security Bulletin: Security vulnerabilities addressed with IBM Business Automation Workflow container updates in April 2025
Summary Multiple security vulnerabilities are addressed with IBM Business Automation Workflow containers updates in April 2025. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...
The vulnerability of the PSL validation mechanism in the Apache HttpClient client module of Apache HttpComponents allows an attacker to perform a CSRF attack.
The vulnerability of the PSL validation mechanism in the Apache HttpClient client module of Apache HttpComponents is related to errors in the certificate authentication process. Exploiting this vulnerability can allow a malicious actor to execute a CSRF attack remotely...
ai.wanaku:wanaku-routing-http-service (>=0.0.1 <=0.0.3), ai.wanaku:wanaku-routing-yaml-route-service (>=0.0.1 <=0.0.3) +2724 more potentially affected by CVE-2025-27820 via org.apache.httpcomponents.client5:httpclient5 (>=5.4-alpha1 <=5.4.2)
org.apache.httpcomponents.client5:httpclient5 MAVEN version =5.4-alpha1, =0.0.1, =0.0.1, =0.0.4, =0.0.4, =0.0.26, =0.0.1, =0.0.2 - au.com.dius.pact.consumer:groovy =4.7.0-beta.0 - au.com.dius.pact.consumer:junit =4.7.0-beta.0 - au.com.dius.pact.consumer:junit5 =4.7.0-beta.0 -...
SUSE CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...
AZL-60489 CVE-2025-32911 affecting package libsoup for versions less than 3.4.4-3
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
CVE-2025-32911
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
UBUNTU-CVE-2025-32911
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
CVE-2025-32911 Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...