4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
38.8%
hyper is an HTTP library for rust. hyper’s HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length
header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn’t parse such Content-Length
headers, but forwards them, can result in “request smuggling” or “desync attacks”. The flaw exists in all prior versions of hyper prior to 0.14.10, if built with rustc
v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the Content-Length
header or ensure any upstream proxy handles Content-Length
headers with a plus sign prefix.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | rust-hyper | < 0.14.19-1 | rust-hyper_0.14.19-1_all.deb |
Debian | 999 | all | rust-hyper | < 0.14.19-1 | rust-hyper_0.14.19-1_all.deb |
Debian | 13 | all | rust-hyper | < 0.14.19-1 | rust-hyper_0.14.19-1_all.deb |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
38.8%