518 matches found

CVE
added 2025/07/30 7:57 p.m. | 13 views

CVE-2025-54581

vproxy CVE-2025-54581 affects versions 2.3.3 and earlier, where untrusted data from the HTTP Proxy-Authorization header can be parsed as a TTL value. If ttl is 0 (e.g., via a username like 'configuredUser-ttl-0'), the modulo operation timestamp % ttl causes a division-by-zero panic, leading to a ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00378
Exploits: 0 | References: 3

Vulnrichment
added 2025/07/30 7:57 p.m. | 3 views

CVE-2025-54581 vproxy is vulnerable to a divide by zero DoS attack

vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...

CVSS 7.5 | AI score 6.3 | EPSS 0.00378
Exploits: 0 | References: 3

Github Security Blog
added 2025/07/30 4:33 p.m. | 6 views

vproxy Divide by Zero DoS Vulnerability

Summary Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state. Details Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00378
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/07/30 4:33 p.m. | 1 view

GHSA-7H24-C332-P48C vproxy Divide by Zero DoS Vulnerability

Summary Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state. Details Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00378
Exploits: 0 | References: 5

Amazon
added 2025/07/30 12:00 a.m. | 3 views

Medium: containerd

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon...

CVSS 6.8 | AI score 7 | EPSS 0.00074
Exploits: 0

CNNVD
added 2025/07/30 12:00 a.m. | 2 views

vproxy Numeric Error Vulnerability

vproxy is a high performance HTTP/HTTPS/SOCKS5 proxy server software by 0x676e67 individual developer. A numeric error vulnerability exists in vproxy 2.3.3 and earlier versions, which stems from the handling of the Proxy-Authorization header that can lead to a divide-by-zero crash, resulting in a...

CVSS 7.5 | AI score 6.3 | EPSS 0.00378
Exploits: 0 | References: 3

OSV
added 2025/07/11 12:18 p.m. | 2 views

OESA-2025-1766 etcd security update

Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...

CVSS 6.8 | AI score 7 | EPSS 0.00074
Exploits: 0 | References: 2

Amazon
added 2025/07/10 12:00 a.m. | 2 views

Medium: oci-add-hooks

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn mor...

CVSS 6.8 | AI score 7 | EPSS 0.00074
Exploits: 0

Amazon
added 2025/07/10 12:00 a.m. | 3 views

Medium: oci-add-hooks

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...

CVSS 6.8 | AI score 7 | EPSS 0.00074
Exploits: 0

RedHat Linux
added 2025/07/09 12:58 a.m. | 1 view

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

CVSS 6.8 | AI score 7.2 | EPSS 0.00074
Exploits: 0 | References: 8

RedHat Linux
added 2025/07/09 12:58 a.m. | 2 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

CVSS 6.8 | AI score 7.2 | EPSS 0.00074
Exploits: 0 | References: 8

RedHat Linux
added 2025/07/09 12:55 a.m. | 3 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

CVSS 6.8 | AI score 7.2 | EPSS 0.00074
Exploits: 0 | References: 8

OSV
added 2025/07/04 2:43 p.m. | 3 views

OESA-2025-1742 golang security update

Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...

CVSS 6.8 | AI score 7 | EPSS 0.00074
Exploits: 0 | References: 2

Tenable Nessus
added 2025/06/16 12:00 a.m. | 4 views

TencentOS Server 3: python-requests (TSSA-2023:0244)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0244 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 6.1 | AI score 7.1 | EPSS 0.05933
Exploits: 1 | References: 2

Tenable Nessus
added 2025/06/16 12:00 a.m. | 2 views

TencentOS Server 3: python3.12-urllib3 (TSSA-2024:0793)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0793 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 6.5 | AI score 6.8 | EPSS 0.00216
Exploits: 1 | References: 2

Tenable Nessus
added 2025/06/16 12:00 a.m. | 14 views

TencentOS Server 4: python-requests (TSSA-2025:0161)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0161 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.1 | AI score 7.1 | EPSS 0.05933
Exploits: 1 | References: 2

OpenVAS
added 2025/06/12 12:00 a.m. | 5 views

Mageia: Security Advisory (MGASA-2025-0184)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.5 | EPSS 0.00076
Exploits: 0 | References: 4

OSV
added 2025/06/11 5:15 p.m. | 1 view

DEBIAN-CVE-2025-4673

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

CVSS 6.8 | AI score 6.3 | EPSS 0.00074
Exploits: 0 | References: 1

OSV
added 2025/06/11 5:15 p.m. | 1 view

AZL-63725 CVE-2025-4673 affecting package golang for versions less than 1.22.7-5

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

CVSS 6.8 | AI score 6.7 | EPSS 0.00074
Exploits: 0 | References: 1

Cvelist
added 2025/06/11 4:42 p.m. | 24 views

CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

EPSS 0.00074
Exploits: 0 | References: 4