CVE-2022-45411

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-45411

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45411.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-45411

Downstream

DEBIAN-CVE-2022-45411

DLA-3196-1

DLA-3199-1

DSA-5282-1

DSA-5284-1

OESA-2023-1673

OESA-2023-1674

RHSA-2022:8543

RHSA-2022:8544

RHSA-2022:8545

RHSA-2022:8547

RHSA-2022:8548

RHSA-2022:8549

RHSA-2022:8550

RHSA-2022:8552

RHSA-2022:8553

RHSA-2022:8554

RHSA-2022:8555

RHSA-2022:8556

RHSA-2022:8561

RHSA-2022:8580

RHSA-2022:8979

RHSA-2022:8980

SUSE-SU-2022:4058-1

SUSE-SU-2022:4083-1

SUSE-SU-2022:4085-1

SUSE-SU-2022:4247-1

UBUNTU-CVE-2022-45411

USN-5726-1

USN-5824-1

openSUSE-SU-2024:12518-1

openSUSE-SU-2024:12519-1

openSUSE-SU-2024:12532-1

openSUSE-SU-2024:14572-1

Related

Published

2022-12-22T20:15:43Z

Modified

2025-08-09T20:01:26Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on <code>fetch()</code> and XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-Override</code> that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

References

Affected packages