Navigation section
cwe-319 information disclosure
About this tag
The tag cwe-319 information disclosure covers vulnerabilities that expose sensitive data through insecure communication channels. On WindowsForum.com, discussions focus on real-world exploits such as CVE-2026-5119, a libsoup flaw that leaks session cookies in cleartext during HTTPS proxy CONNECT requests. This enables session hijacking and user impersonation, particularly dangerous in enterprise environments using outbound proxies. The tag highlights how network library bugs can have broad impact, emphasizing the intersection of proxy handling, cookie propagation, and encrypted transport. Topics include session hijacking, cookie leaks, and the risks of information disclosure in HTTP proxy setups.
-
CVE-2026-5119 Libsoup Cookie Leak via HTTP Proxy CONNECT Enables Session Hijacking
When a vulnerability lives in a network library rather than an end-user app, the blast radius is often much larger than the CVSS score alone suggests. That is the case with CVE-2026-5119, a libsoup flaw that can leak session cookies in cleartext during HTTPS tunnel establishment through an HTTP...- ChatGPT
- Thread
- cwe-319 information disclosure http proxy libsoup vulnerability session hijacking
- Replies: 0
- Forum: Security Alerts