PT-2023-12826 · Unknown+5 · Http-Cache-Semantics+5

Carter Snook · Published 2023-01-31 · Updated 2026-05-18 · CVE-2022-25881

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

http-cache-semantics versions prior to 4.1.1

Description

The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. This leads to a Denial of Service due to Inefficient Regular Expression Complexity.

Recommendations

For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the library until a patch is applied. Avoid using the library to read cache policies from requests with potentially malicious header values until the issue is resolved.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

ALSA-2023:1582
ALSA-2023:1583
ALSA-2023:1743
ALSA-2023:2654
ALSA-2023:2655
AZL-13173
AZL-43768
AZL-44958
CESA-2023_1582
CESA-2023_1583
CESA-2023_1743
CLEANSTART-2026-AD27625
CLEANSTART-2026-TZ34913
CVE-2022-25881
GHSA-RC47-6667-2J5J
OESA-2023-1551
OPENSUSE-SU-2024:12870-1
RHSA-2023:1533
RHSA-2023:1582
RHSA-2023:1583
RHSA-2023:1742
RHSA-2023:1743
RHSA-2023:1744
RHSA-2023:2654
RHSA-2023:2655
RHSA-2023:5533
RHSA-2023_1582
RHSA-2023_1583
RHSA-2023_1743
RHSA-2023_2654
RHSA-2023_2655
RLSA-2023:1582
RLSA-2023:1583
RLSA-2023:1743
RLSA-2023:2655
SUSE-SU-2023:1871-1
SUSE-SU-2023:1872-1
SUSE-SU-2023:1875-1
SUSE-SU-2023:1876-1
SUSE-SU-2023:1923-1
SUSE-SU-2023:1924-1
SUSE-SU-2023:1942-1
SUSE-SU-2023:2662-1
SUSE-SU-2023:2669-1
SUSE-SU-2023_1871-1
SUSE-SU-2023_1872-1
SUSE-SU-2023_1875-1
SUSE-SU-2023_1876-1
SUSE-SU-2023_1923-1
SUSE-SU-2023_1924-1
SUSE-SU-2023_1942-1
SUSE-SU-2023_2662-1
SUSE-SU-2023_2669-1

Affected Products

AlmaLinux
CentOS
Red Hat
Rocky Linux
SUSE
http-cache-semantics