
88 matches found

OSV
added 2023/09/27 3:16 p.m. · 28 views

CVE-2023-0833

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...

5.5 CVSS · 6.4 AI score · 0.00029 EPSS
Exploits 1 · References 5
Prion
added 2023/09/27 3:16 p.m. · 20 views

Information disclosure

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...

1.7 CVSS · 5.7 AI score · 0.00029 EPSS
Exploits 1 · References 5 · Affected Software 2
CVE
added 2023/09/27 1:41 p.m. · 171 views

CVE-2023-0833

CVE-2023-0833 — IBM and Red Hat sources confirm an information disclosure flaw in the OKHttp component shipped with Red Hat AMQ-Streams. An authenticated attacker could trigger an exception via a header containing an illegal value to access information beyond their permissions. The IBM security b...

5.5 CVSS · 4.8 AI score · 0.00029 EPSS
Exploits 1 · References 5 · Affected Software 1
Cvelist
added 2023/09/27 1:41 p.m. · 24 views

CVE-2023-0833 Red hat a-mq streams: component version with information disclosure flaw

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...

4.7 CVSS · 5.7 AI score · 0.00029 EPSS
Exploits 1 · References 5
OSV
added 2023/07/19 9:15 p.m. · 3 views

CVE-2023-3782

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response...

5.9 CVSS · 5.8 AI score · 0.00271 EPSS
Exploits 1 · References 2
NVD
added 2023/07/19 9:15 p.m. · 8 views

CVE-2023-3782

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response...

5.9 CVSS · 5.7 AI score · 0.00271 EPSS
Exploits 1 · References 2
Prion
added 2023/07/19 9:15 p.m. · 8 views

Design/Logic Flaw

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response...

2.6 CVSS · 5.8 AI score · 0.00271 EPSS
Exploits 1 · References 2
Cvelist
added 2023/07/19 8:57 p.m. · 13 views

CVE-2023-3782 DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response...

5.9 CVSS · 6 AI score · 0.00271 EPSS
Exploits 1 · References 2
CVE
added 2023/07/19 8:57 p.m. · 41 views

CVE-2023-3782

CVE-2023-3782 affects Square OkHttp via BrotliInterceptor. An attacker can cause denial of service by having a user visit a crafted site or via MitM injecting a Brotli ZIP bomb in an HTTP response. The available sources describe the vulnerability and cite affected OkHttp/BrotliInterceptor scenari...

5.9 CVSS · 5.7 AI score · 0.00271 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2023/07/19 8:57 p.m. · 16 views

CVE-2023-3782 DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response...

5.9 CVSS · 6.8 AI score · 0.00271 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/07/19 12:00 a.m. · 2 views

PT-2023-26127 · Okhttp · Okhttp

Name of the Vulnerable Software and Affected Versions: OkHttp (affected versions not specified). Description: The issue allows for a Denial of Service (DoS) of the OkHttp client when using a BrotliInterceptor and accessing a malicious web server, or when an attacker can perform a Man-in-the-Middle Mit...

5.9 CVSS · 6.4 AI score · 0.00271 EPSS
Exploits 1 · References 4
CNNVD
added 2023/07/19 12:00 a.m. · 1 views

Square OkHttp Security Vulnerability

Square OkHttp is an HTTP and HTTP/2 client for Android and Java applications from the US company Square. The software supports synchronous blocking calls and asynchronous calls with callbacks, response caching to avoid duplicate requests over the network, and more. OkHttp suffers...

5.9 CVSS · 7.1 AI score · 0.00271 EPSS
Exploits 1 · References 3
RedHat Linux
added 2023/05/18 9:54 a.m. · 83 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update

Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

9.8 CVSS · 6.8 AI score · 0.94055 EPSS
Exploits 16 · References 17
RedHat Linux
added 2023/05/18 9:54 a.m. · 5 views

okhttp: information disclosure via improperly used cryptographic function

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

7.5 CVSS · 7.4 AI score · 0.01387 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/18 9:54 a.m. · 5 views

Streams: component version with information disclosure flaw

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...

5.5 CVSS · 7.1 AI score · 0.00029 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2023/05/13 12:00 a.m. · 85 views

RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.5 CVSS · 7 AI score · 0.01387 EPSS
Exploits 2 · References 17
Tenable Nessus
added 2023/05/13 12:00 a.m. · 32 views

RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2706 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.5 CVSS · 7 AI score · 0.01387 EPSS
Exploits 2 · References 17
Tenable Nessus
added 2023/05/13 12:00 a.m. · 42 views

RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2705 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.5 CVSS · 7 AI score · 0.01387 EPSS
Exploits 2 · References 17
RedHat Linux
added 2023/05/10 1:41 p.m. · 3 views

okhttp: information disclosure via improperly used cryptographic function

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

7.5 CVSS · 7.4 AI score · 0.01387 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/10 11:59 a.m. · 4 views

okhttp: information disclosure via improperly used cryptographic function

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

7.5 CVSS · 7.4 AI score · 0.01387 EPSS
Exploits 0 · References 5