Overview
About vulnerability
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leakCookie headers to cross-origin redirect targets. When following a redirect to a different origin, the propagatedHeaders() method in Redirect30xInterceptor.java strips Authorization and Proxy-Authorization headers but does not strip the Cookie header, causing session cookies and other sensitive cookie values to be sent to attacker-controlled servers. Versions 2.15.0 and 3.0.10 patch the issue.
Details
- Affected product:
- Apache CXF , Spring , async-http-client , camel , pulsar , zendesk-java-client
- Affected packages:
- apache-cxf @ 3.5.11 (+2556 more)
Cookie headers to cross-origin redirect targets. When following a redirect to a different origin, the propagatedHeaders() method in Redirect30xInterceptor.java strips Authorization and Proxy-Authorization headers but does not strip the Cookie header, causing session cookies and other sensitive cookie values to be sent to attacker-controlled servers. Versions 2.15.0 and 3.0.10 patch the issue.