Lucene search

Lenient Parsing of Content-Length Header When Prefixed with Plus Sign

🗓️ 12 Jul 2021 16:20:54Reported by GitHub Advisory DatabaseType

Flaw in hyper's HTTP/1 server code parsing `Content-Length` prefixed with plus sign can lead to desync attacks

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 14
UbuntuCve	CVE-2021-32715	7 Jul 202100:00	–	ubuntucve
NVD	CVE-2021-32715	7 Jul 202120:15	–	nvd
RustSec	Lenient `hyper` header parsing of `Content-Length` could allow request smuggling	7 Jul 202112:00	–	rustsec
OSV	RUSTSEC-2021-0078 Lenient `hyper` header parsing of `Content-Length` could allow request smuggling	7 Jul 202112:00	–	osv
OSV	UBUNTU-CVE-2021-32715	7 Jul 202120:15	–	osv
OSV	CVE-2021-32715	7 Jul 202120:15	–	osv
OSV	GHSA-F3PG-QWVG-P99C Lenient Parsing of Content-Length Header When Prefixed with Plus Sign	12 Jul 202116:54	–	osv
OSV	OPENSUSE-SU-2024:11751-1 afterburn-5.0.0-6.1 on GA media	15 Jun 202400:00	–	osv
RedhatCVE	CVE-2021-32715	20 May 202223:02	–	redhatcve
Prion	Design/Logic Flaw	7 Jul 202120:15	–	prion

Vulners

Node

hyper hyperRange<0.14.10

Source	Link
github	www.github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-32715
github	www.github.com/rust-lang/rust/pull/28826/commits/123a83326fb95366e94a3be1a74775df4db97739
rustsec	www.rustsec.org/advisories/RUSTSEC-2021-0078.html
github	www.github.com/hyperium/hyper/commit/1fb719e0b61a4f3d911562a436a2ff05fd7cb759
github	www.github.com/advisories/GHSA-f3pg-qwvg-p99c

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jul 2021 16:54Current

CVSS24.3

CVSS33.1 - 5.3

EPSS0.00295

CWE-444