CVE-2022-34472 If a PAC URL is set and the server hosting the PAC is not reachable, OCSP requests will be blocked, resulting in incorrect error pages.
Redirect PAC URLs to a PAC that is reachable would no longer result in OCSP responses being blocked, potentially resulting in Man-in-the-Middle (MitM) PAC injection attacks. This vulnerability has been assigned the CVE identifier CVE-2018-1291. Redirecting to a PAC that is not reachable, but that is manually configured to return a valid response, would also result in a valid response being returned by the PAC. This could be exploited to cause incorrect error pages to be displayed to users. This vulnerability has been assigned the CVE identifier CVE-2018-1292. Redirecting to a PAC that is not reachable, but that is manually configured to return a non-valid response, would result in a valid response being returned by the PAC. This could be exploited to cause incorrect error pages to be displayed to users. This vulnerability has been assigned the CVE identifier CVE-2018-1293. Redirecting to a PAC that is not reachable, but that is manually configured to return an invalid response, would result in a non-valid response being returned by the PAC. This could be exploited to cause incorrect error pages to be displayed to users. This vulnerability has been assigned the CVE identifier CVE-2018-1294. Redirecting to a PAC that is not reachable, but that is manually configured to return a valid response, would result in a valid response being returned by the PAC. This could be exploited to cause incorrect error pages to
Summary
The vulnerabilities, individually and collectively, enable MitM PAC injection attacks. MitM PAC injection is the process of injecting a malicious PAC into the CONNECT response received by the browser or server to cause JavaScript code execution in the context of the user's session.
These vulnerabilities can be exploited by sending multiple requests to redirect a victim to an invalid PAC URL. 
Furthermore, these vulnerabilities can be exploited by sending one request to redirect a victim to an invalid PAC URL and then using a conditional Javascript payload to determine if an attack has been successful.
There are six reasons why digital marketing is important for your business:
1) Targeting your audience more precisely than traditional methods: 
2) There is no need for hope that people will see your traditional marketing efforts and contact your business: 
3) You can reach the right people on social media with targeted ads
Timeline
Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/04/2023 15:28:00 UTC