Showing 1 - 9 of 9

CVE-2023-43804

Status Candidate

Overview

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

Related Files

Red Hat Security Advisory 2024-2159-03: Posted Apr 30, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-2159-03 - An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-43804; SHA-256 | 2563e6c51fc67c164806b2f81ccba97acbe7c2198cbe9c24f428d50d527c86aa; Download | Favorite | View

Red Hat Security Advisory 2024-0733-03: Posted Feb 8, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0733-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include an information leakage vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-43804; SHA-256 | 4301b07bb66daa9946bd86b703da53703cd2aa1f73cce22018efee7abd5e089c; Download | Favorite | View

Red Hat Security Advisory 2024-0588-03: Posted Jan 31, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0588-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2023-43804; SHA-256 | 6436a3c69d590a691ed1868695481dfc85517b642342b841f4c555390078c3cf; Download | Favorite | View

Red Hat Security Advisory 2024-0464-03: Posted Jan 26, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0464-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2023-43804; SHA-256 | 5e2d7a5624f97d20a6d70a2a3e5fdb17bfba7509f3c18063065f005ae58cf9e0; Download | Favorite | View

Red Hat Security Advisory 2024-0300-03: Posted Jan 19, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0300-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2023-43804; SHA-256 | 4412f703d959c59aa8a60d7a59b5e7a78dd01b8efcff48d6555296c3f35bf621; Download | Favorite | View

Red Hat Security Advisory 2024-0187-03: Posted Jan 17, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0187-03 - An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2023-43804; SHA-256 | 8e1421985532ad8e1d11f068e41a4734b585834979ff14b07a660556dcbbeb52; Download | Favorite | View

Red Hat Security Advisory 2024-0116-03: Posted Jan 11, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0116-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2023-43804; SHA-256 | fd2c8bfc67a3e07392cef03e362ea958e674fd843b502d634d027b50facbd991; Download | Favorite | View

Ubuntu Security Notice USN-6473-2: Posted Nov 15, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6473-2 - USN-6473-1 fixed vulnerabilities in urllib3. This update provides the corresponding updates for the urllib3 module bundled into pip. It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.; tags | advisory, remote, web, vulnerability; systems | linux, ubuntu; advisories | CVE-2018-25091, CVE-2023-43804, CVE-2023-45803; SHA-256 | 31f113322b019e54154cd30f2be05b8d4ca103f178cbdd5efa89e9a2ef3e0838; Download | Favorite | View

Ubuntu Security Notice USN-6473-1: Posted Nov 13, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6473-1 - It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that urllib3 didn't strip HTTP Cookie header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.; tags | advisory, remote, web; systems | linux, ubuntu; advisories | CVE-2018-25091, CVE-2023-43804, CVE-2023-45803; SHA-256 | 01c8788f56d352f691cc6e76bb162b2e9e247c8c99c3c08204defa5099ea0fa8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 63 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
kai6u 3 files
gabe_k 3 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

CVE-2023-43804

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems