Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request
Vulnerability Description
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Red Hat 3scale API Management Platform 安全漏洞
Vulnerability Description
Red Hat 3scale API Management Platform是美国红帽(Red Hat)公司的一个API管理的基础架构平台。能快速实现 API 共享、保护、分发、控制和盈利。 Red Hat 3scale API Management Platform存在安全漏洞,该漏洞源于发送带有特殊字符的非base64基本身份验证可能会导致APICast错误地验证请求,允许未经授权访问后端。
CVSS Information
N/A
Vulnerability Type
N/A