3 matches found
CVE-2025-66029
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...
CVE-2025-66029
Open OnDemand (prior to 4.1) is affected: the Apache proxy in 4.0.8 and earlier may pass sensitive headers to origin servers, enabling an attacker to set up an origin server on a compute node that records headers when users connect. A fix is expected in the 4.1 release; for 4.0.x workarounds exis...
CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...