Denial Of Service (DoS)

2023-07-2103:46:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

goproxy

handlehttps

https

mitm

validation

host urls

application crash

http

https

vulnerability

security

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

21.0%

JSON

github.com/elazarl/goproxy is vulnerable to Denial Of Service (DoS). The vulnerability exists in the handleHttps function of https.go when the proxy is in MITM mode due to not properly validating the host URLs, which allows an attacker to cause an application crash when a HTTP request goes to HTTPS, replacing the path “/” with an asterisk “*”.,

CPENameOperatorVersion
github.com/elazarl/goproxylev1.1
github.com/elazarl/goproxylev1.1
openshift-gitops-kameq1.1.1__70.el8
openshift-gitops-kameq1.1.0__69.el8
openshift-gitops-kameq1.3.0__41.el8
openshift-gitops-kameq1.0.1__5.el8
openshift-gitops-kameq1.8.0__143.el8
openshift-gitops-kameq1.2.0__66.el8
openshift-gitops-kameq1.7.0__90.el8
openshift-gitops-kameq1.4.0__18.el8

Name	Operator	Version
github.com/elazarl/goproxy	le	v1.1
github.com/elazarl/goproxy	le	v1.1
openshift-gitops-kam	eq	1.1.1__70.el8
openshift-gitops-kam	eq	1.1.0__69.el8
openshift-gitops-kam	eq	1.3.0__41.el8
openshift-gitops-kam	eq	1.0.1__5.el8
openshift-gitops-kam	eq	1.8.0__143.el8
openshift-gitops-kam	eq	1.2.0__66.el8
openshift-gitops-kam	eq	1.7.0__90.el8
openshift-gitops-kam	eq	1.4.0__18.el8