Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/02/08 6:23 p.m.11 views

CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS7.5AI score0.00817EPSS
Exploits0References1
NVD
NVD
added 2025/02/06 6:15 p.m.50 views

CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS0.00817EPSS
Exploits0References3
OSV
OSV
added 2025/02/06 5:32 p.m.6 views

CVE-2025-23217 Mitmweb API Authentication Bypass Using Proxy Server

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS7.8AI score0.00817EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/02/06 5:32 p.m.8 views

CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS5.9AI score0.00817EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/02/06 5:32 p.m.13 views

CVE-2025-23217 Mitmweb API Authentication Bypass Using Proxy Server

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS7.2AI score0.00817EPSS
Exploits0References3
CVE
CVE
added 2025/02/06 5:32 p.m.1971 views

CVE-2025-23217

CVE-2025-23217 affects mitmweb (the web UI of mitmproxy). In versions 11.1.1 and earlier, a malicious client connected to mitmweb’s proxy server (default bind 0.0.0.0:8080) could reach mitmweb’s internal API (127.0.0.1:8081) through the proxy, enabling SSRF-style access that may lead to remote co...

8.2CVSS7.5AI score0.00817EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/06 5:32 p.m.62 views

CVE-2025-23217 Mitmweb API Authentication Bypass Using Proxy Server

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS0.00817EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/02/06 5:7 p.m.6 views

chameli (>=0.1.12 <=0.1.16), clotho (=0.1.0) +12 more potentially affected by CVE-2025-23217 via mitmproxy (>=10.1.5 <=11.0.2)

mitmproxy PYPI version =10.1.5, =0.1.12, =0.1.0, =4.0.0, =0.34.0, =0.11.0, =1.0.0, =1.1.0, =0.1.0, =3.2.0, =0.0.1, =0.0.3 Source cves: CVE-2025-23217 Source advisory: OSV:GHSA-WG33-5H85-7Q5P...

8.2CVSS5.7AI score0.00817EPSS
Exploits0
Rows per page
Query Builder