8 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-23217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmprox...
SUSE CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
DEBIAN-CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
CVE-2025-23217
CVE-2025-23217 affects mitmweb (the web UI of mitmproxy). In versions 11.1.1 and earlier, a malicious client connected to mitmweb’s proxy server (default bind 0.0.0.0:8080) could reach mitmweb’s internal API (127.0.0.1:8081) through the proxy, enabling SSRF-style access that may lead to remote co...
CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' through the proxy server configuration. An attacker can...
GHSA-WG33-5H85-7Q5P Mitmweb API Authentication Bypass Using Proxy Server
Impact In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal API bound to 127.0.0.1:8081 by default. In other words, while the client cannot access the API directly good, they can access the API through the proxy bad...
Mitmweb API Authentication Bypass Using Proxy Server
Impact In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal API bound to 127.0.0.1:8081 by default. In other words, while the client cannot access the API directly good, they can access the API through the proxy bad...