CVE-2025-64484

HIGH

中文标题:

（暂无数据）

英文标题:

OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation

CVSS分数: 8.5

发布时间: 2025-11-10 21:33:58

漏洞类型: （暂无数据）

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v2

漏洞描述

中文描述:

（暂无数据）

英文描述:

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize underscores to dashes in HTTP headers (e.g., WSGI-based frameworks such as Django, Flask, FastAPI, and PHP applications). Authenticated users can inject underscore variants of X-Forwarded-* headers that bypass the proxy’s filtering logic, potentially escalating privileges in the upstream app. OAuth2 Proxy authentication/authorization itself is not compromised. The problem has been patched with v7.13.0. By default all specified headers will now be normalized, meaning that both capitalization and the use of underscores (_) versus dashes (-) will be ignored when matching headers to be stripped. For example, both `X-Forwarded-For` and `X_Forwarded-for` will now be treated as equivalent and stripped away. For those who have a rational that requires keeping a similar looking header and not stripping it, the maintainers introduced a new configuration field for Headers managed through the AlphaConfig called `InsecureSkipHeaderNormalization`. As a workaround, ensure filtering and processing logic in upstream services don't treat underscores and hyphens in Headers the same way.

CWE类型:

CWE-644

受影响产品

厂商	产品	版本	版本范围	平台	CPE
oauth2-proxy	oauth2-proxy	< 7.13.0	-	-	`cpe:2.3:a:oauth2-proxy:oauth2-proxy:<_7.13.0:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-vjrc-mh2v-45x6 x_refsource_CONFIRM
cve.org

访问

https://datatracker.ietf.org/doc/html/rfc2616#section-4.2 x_refsource_MISC
cve.org

访问

https://datatracker.ietf.org/doc/html/rfc822#section-3.2 x_refsource_MISC
cve.org

访问

https://github.security.telekom.com/2020/05/smuggling-http-headers-through-reverse-proxies.html x_refsource_MISC
cve.org

访问

https://www.uptimia.com/questions/why-are-http-headers-with-underscores-dropped-by-nginx x_refsource_MISC
cve.org

访问

CVSS评分详情

3.1 (cna)

HIGH

8.5

CVSS向量: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

机密性

HIGH

完整性

LOW

可用性

NONE

时间信息

发布时间:

2025-11-10 21:33:58

修改时间:

2025-11-10 21:33:58

创建时间:

2025-11-11 15:40:50

更新时间:

2025-11-11 15:48:36

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2025-64484`	2025-11-11 15:23:34	2025-11-11 07:40:50
NVD	`nvd_CVE-2025-64484`	2025-11-11 15:01:08	2025-11-11 07:48:36

版本与语言

当前版本: v2

主要语言: EN

支持语言:

安全公告

暂无安全公告信息

变更历史

v2 NVD

2025-11-11 15:48:36

data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2025-64484

中文标题:

（暂无数据）

英文标题:

OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

3.1 (cna)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史