The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 17 Jun 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat stf
CPEs cpe:/a:redhat:service_telemetry_framework:1.5::el8 cpe:/a:redhat:stf:1.5::el8
Vendors & Products Redhat service Telemetry Framework
Redhat stf

Thu, 07 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 08 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Distributed Tracing
CPEs cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products Redhat openshift Distributed Tracing

Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products Redhat openshift Distributed Tracing

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published:

Updated: 2025-02-13T16:49:14.579Z

Reserved: 2023-04-05T19:36:35.043Z

Link: CVE-2023-29406

cve-icon Vulnrichment

Updated: 2024-08-02T14:07:45.735Z

cve-icon NVD

Status : Modified

Published: 2023-07-11T20:15:10.643

Modified: 2024-11-21T07:56:59.913

Link: CVE-2023-29406

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-07-11T00:00:00Z

Links: CVE-2023-29406 - Bugzilla

cve-icon OpenCVE Enrichment

No data.