Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2022-32148: ELSA-2022-5799: go-toolset and golang security and bug fix update (IMPORTANT) (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Oracle Linux: CVE-2022-32148: ELSA-2022-5799: go-toolset and golang security and bug fix update (IMPORTANT) (Multiple Advisories)

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
07/12/2022
Created
08/29/2022
Added
10/16/2024
Modified
10/17/2024

Description

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.

Solution(s)

  • oracle-linux-upgrade-aardvark-dns
  • oracle-linux-upgrade-buildah
  • oracle-linux-upgrade-buildah-tests
  • oracle-linux-upgrade-cockpit-podman
  • oracle-linux-upgrade-conmon
  • oracle-linux-upgrade-containernetworking-plugins
  • oracle-linux-upgrade-containers-common
  • oracle-linux-upgrade-container-selinux
  • oracle-linux-upgrade-crit
  • oracle-linux-upgrade-criu
  • oracle-linux-upgrade-criu-devel
  • oracle-linux-upgrade-criu-libs
  • oracle-linux-upgrade-crun
  • oracle-linux-upgrade-delve
  • oracle-linux-upgrade-fuse-overlayfs
  • oracle-linux-upgrade-git-lfs
  • oracle-linux-upgrade-golang
  • oracle-linux-upgrade-golang-bin
  • oracle-linux-upgrade-golang-docs
  • oracle-linux-upgrade-golang-misc
  • oracle-linux-upgrade-golang-race
  • oracle-linux-upgrade-golang-src
  • oracle-linux-upgrade-golang-tests
  • oracle-linux-upgrade-go-toolset
  • oracle-linux-upgrade-grafana
  • oracle-linux-upgrade-grafana-pcp
  • oracle-linux-upgrade-libslirp
  • oracle-linux-upgrade-libslirp-devel
  • oracle-linux-upgrade-netavark
  • oracle-linux-upgrade-oci-seccomp-bpf-hook
  • oracle-linux-upgrade-podman
  • oracle-linux-upgrade-podman-catatonit
  • oracle-linux-upgrade-podman-docker
  • oracle-linux-upgrade-podman-gvproxy
  • oracle-linux-upgrade-podman-plugins
  • oracle-linux-upgrade-podman-remote
  • oracle-linux-upgrade-podman-tests
  • oracle-linux-upgrade-python3-criu
  • oracle-linux-upgrade-python3-podman
  • oracle-linux-upgrade-runc
  • oracle-linux-upgrade-skopeo
  • oracle-linux-upgrade-skopeo-tests
  • oracle-linux-upgrade-slirp4netns
  • oracle-linux-upgrade-udica

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;