sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2019-03-07T18:00:00Z
Updated: 2024-09-16T22:15:51.127Z
Reserved: 2018-06-05T00:00:00
Link: CVE-2018-11783
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-07T18:29:00.273
Modified: 2024-11-21T03:44:01.707
Link: CVE-2018-11783
Redhat
No data.