Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-41337

Опубликовано: 12 дек. 2023
Источник: nvd
CVSS3: 6.1
CVSS3: 6.7
EPSS Низкий

Описание

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent.

The attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
Версия до 2.2.6 (включая)
cpe:2.3:a:dena:h2o:2.3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:dena:h2o:2.3.0:beta2:*:*:*:*:*:*

EPSS

Процентиль: 24%
0.00081
Низкий

6.1 Medium

CVSS3

6.7 Medium

CVSS3

Дефекты

CWE-347

Связанные уязвимости

ubuntu логотип

CVE-2023-41337

CVSS3: 6.1
ubuntu
около 2 лет назад

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent. The attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker ...

debian логотип

CVE-2023-41337

CVSS3: 6.1
debian
около 2 лет назад

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In ...

EPSS

Процентиль: 24%
0.00081
Низкий

6.1 Medium

CVSS3

6.7 Medium

CVSS3

Дефекты

CWE-347