Lucene search
K

232 matches found

Tenable Nessus
Tenable Nessus
added 2022/12/01 12:0 a.m.46 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (3cde510a-7135-11ed-a28b-bff032704f00)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3cde510a-7135-11ed-a28b-bff032704f00 advisory. - Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP...

9.3CVSS6.2AI score0.01074EPSS
Exploits9References12
RedHat Linux
RedHat Linux
added 2022/11/22 1:31 p.m.6 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 4:21 p.m.5 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 12:52 p.m.4 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 12:43 p.m.5 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 12:37 p.m.2 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 12:35 p.m.5 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 11:35 a.m.5 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 11:33 a.m.2 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 11:29 a.m.4 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/11/21 12:0 a.m.22 views

AlmaLinux 8 : thunderbird (ALSA-2022:8547)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8547 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with...

9.8CVSS7.8AI score0.01061EPSS
Exploits0References14
Veracode
Veracode
added 2022/11/19 6:49 p.m.24 views

Cross-Site Scripting (XSS)

firefox is vulnerable to cross-site scripting. The vulnerability exists via non-standard override headers which allows an attacker to access to authorization headers and cookies inaccessible to JavaScript by injecting malicious javascript...

6.1CVSS7.6AI score0.00575EPSS
Exploits0References5Affected Software6
RedhatCVE
RedhatCVE
added 2022/11/16 11:26 a.m.61 views

CVE-2022-45411

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS2.3AI score0.00575EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2022/11/16 12:0 a.m.56 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

6.1CVSS6.9AI score0.00575EPSS
Exploits0References6
OSV
OSV
added 2022/11/16 12:0 a.m.7 views

UBUNTU-CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

6.1CVSS6.9AI score0.00575EPSS
Exploits0References7
Prion
Prion
added 2022/07/21 4:15 a.m.24 views

Authorization

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

6.4CVSS6.4AI score0.00584EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/07/20 11:0 p.m.218 views

CVE-2022-31151

CVE-2022-31151 affects the Node.js undici HTTP client. The issue is that during cross-origin redirects, authorization headers are cleared but cookie headers are not, potentially leaking cookies to a third party if an attacker controls the redirect target. The problem was patched in undici v5.7.1,...

6.5CVSS5.1AI score0.00584EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/07/20 11:0 p.m.10 views

CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

3.7CVSS5.6AI score0.00584EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/07/20 12:0 a.m.3 views

PT-2022-20566 · Undici · Undici

Name of the Vulnerable Software and Affected Versions: undici versions prior to 5.7.1 Description: The issue arises when authorization headers are cleared on cross-origin redirects, but cookie headers remain uncleared. This may lead to accidental leakage of cookies to a 3rd-party site or a...

6.5CVSS5.7AI score0.01223EPSS
Exploits1References30
Cvelist
Cvelist
added 2022/06/27 12:0 a.m.40 views

CVE-2022-31091 Change in port should be considered a change in origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

7.7CVSS7.8AI score0.0138EPSS
Exploits0References4
Rows per page
Query Builder