Reflected XSS vulnerability in keter
Keter is an app server and reverse proxy often used with web apps built on the Yesod web framework.
In the logic handling VHost dispatch, Keter was echoing back the `Host` header value, unescaped, as part of an HTML error page. This constitutes a reflected XSS vulnerability. Although not readily exploitable directly from a browser (where the `Host` header can't generally assume arbitrary values), it may become so in the presence of further weaknesses in components upstream of Keter in the HTTP proxying chain. Therefore, AC:High in the CVSS evaluation.
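To make the defect concrete, here is an added illustration (not Keter's own code, and not the text of the linked fix) of the two patterns side by side: an "unknown host" page that splices the raw `Host` header into HTML, and the same page with the value HTML-escaped first. The function names `renderUnknownHostUnsafe`, `renderUnknownHostSafe` and `escapeHtml`, and the page wording, are assumptions made for this example.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added illustration, not Keter's own code. The function names and the
-- page wording below are assumptions made for this example.
module Main where

import qualified Data.ByteString as B
import qualified Data.Text as T
import qualified Data.Text.Encoding as TE
import Data.Text.Encoding.Error (lenientDecode)
import qualified Data.Text.Lazy as TL
import qualified Data.Text.Lazy.Builder as TB
import qualified Data.Text.Lazy.IO as TLIO

-- Vulnerable pattern: the raw Host header bytes are decoded and spliced
-- straight into the HTML body, so any markup in the header is rendered.
renderUnknownHostUnsafe :: B.ByteString -> TL.Text
renderUnknownHostUnsafe host = TB.toLazyText $ mconcat
  [ "<!DOCTYPE html><html><body>"
  , "<p>Unknown host: <code>"
  , TB.fromText (TE.decodeUtf8With lenientDecode host)
  , "</code></p></body></html>"
  ]

-- Escape the characters that carry meaning in HTML text and attribute
-- context, so a header value can only ever be displayed, never interpreted.
escapeHtml :: T.Text -> TB.Builder
escapeHtml = T.foldr (\c acc -> esc c <> acc) mempty
  where
    esc '<'  = "&lt;"
    esc '>'  = "&gt;"
    esc '&'  = "&amp;"
    esc '"'  = "&quot;"
    esc '\'' = "&#39;"
    esc c    = TB.singleton c

-- Hardened pattern: identical page, but the header value passes through
-- escapeHtml before it is concatenated into the markup.
renderUnknownHostSafe :: B.ByteString -> TL.Text
renderUnknownHostSafe host = TB.toLazyText $ mconcat
  [ "<!DOCTYPE html><html><body>"
  , "<p>Unknown host: <code>"
  , escapeHtml (TE.decodeUtf8With lenientDecode host)
  , "</code></p></body></html>"
  ]

main :: IO ()
main = do
  -- Constructed sample value: a Host header carrying a stray tag.
  let host = "example.invalid<i>marker</i>"
  TLIO.putStrLn (renderUnknownHostUnsafe host)  -- the <i> tag survives into the page
  TLIO.putStrLn (renderUnknownHostSafe host)    -- the tag arrives as &lt;i&gt;marker&lt;/i&gt;
```

The escaping is done on the decoded text rather than on the raw bytes so that a `lenientDecode` replacement character can never be turned back into markup; in a real service the same rule applies to every request-derived value that lands in an error page, not only `Host`.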
Info
- Published
- February 27, 2024
- Modified
- February 27, 2024
- CAPECs
- < none >
- CWEs
- 79
- Keywords
- http, xss, rxss, historical
- Aliases
- < none >
- Related
- < none >
- References
- [FIX] https://github.com/snoyberg/keter/pull/246
Affected
keter
- CVSS
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
- Versions
>=0.3.4 && <1.8.4
- Declarations
Keter.Proxy.toResponse: >=0.3.4 && <1.0.1
Keter.Proxy.unknownHostResponse: >=1.0.1 && <1.8.4