Описание
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Ссылки
- Vendor AdvisoryMitigation
- Issue TrackingVendor Advisory
- ExploitIssue Tracking
Уязвимые конфигурации
Одно из
EPSS
5.9 Medium
CVSS3
8.2 High
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a ...
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
EPSS
5.9 Medium
CVSS3
8.2 High
CVSS3