232 matches found
FreeBSD : Gitlab -- Multiple Vulnerabilities (3cde510a-7135-11ed-a28b-bff032704f00)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3cde510a-7135-11ed-a28b-bff032704f00 advisory. - Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
AlmaLinux 8 : thunderbird (ALSA-2022:8547)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8547 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with...
Cross-Site Scripting (XSS)
firefox is vulnerable to cross-site scripting. The vulnerability exists via non-standard override headers which allows an attacker to access to authorization headers and cookies inaccessible to JavaScript by injecting malicious javascript...
CVE-2022-45411
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
CVE-2022-45411
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...
UBUNTU-CVE-2022-45411
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...
Authorization
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
CVE-2022-31151
CVE-2022-31151 affects the Node.js undici HTTP client. The issue is that during cross-origin redirects, authorization headers are cleared but cookie headers are not, potentially leaking cookies to a third party if an attacker controls the redirect target. The problem was patched in undici v5.7.1,...
CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
PT-2022-20566 · Undici · Undici
Name of the Vulnerable Software and Affected Versions: undici versions prior to 5.7.1 Description: The issue arises when authorization headers are cleared on cross-origin redirects, but cookie headers remain uncleared. This may lead to accidental leakage of cookies to a 3rd-party site or a...
CVE-2022-31091 Change in port should be considered a change in origin in Guzzle
Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...