Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2024/06/27 1:6 p.m.5 views

golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect...

4.3CVSS7.2AI score0.0108EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/06/20 12:39 p.m.5 views

golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect...

4.3CVSS7.2AI score0.0108EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/28 4:6 p.m.11 views

python: Cookie domain check returns incorrect results

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5.3CVSS6.8AI score0.0388EPSS
Exploits1References4
OSV
OSV
added 2019/07/13 9:15 p.m.1 views

DEBIAN-CVE-2018-20852

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5.3CVSS7.4AI score0.0388EPSS
Exploits1References1
Rows per page
Query Builder