Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:40787
HistoryJun 04, 2023 - 7:34 p.m.

Insecure Handling Of Strict-Transport-Security Header

2023-06-0419:34:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
vulnerability
insecure handling
strict-transport-security
qt network
unencrypted connections
hsts header

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

37.5%

qt6-qtbase is vulnerable to Insecure Handling of Strict-Transport-Security Header. The vulnerability occurs because Qt Network incorrectly parses the Strict-Transport-Security (HSTS) header, which can result in unencrypted connections being established even when the server explicitly prohibits them.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

37.5%