Lucene search
RustsecRUSTSEC-2021-0020HistoryFeb 05, 2021 - 12:00 p.m.
Multiple Transfer-Encoding headers misinterprets request payload
2021-02-0512:00:00
rustsec.org
7
0.003 Low
EPSS
Percentile
69.2%
hyper’s HTTP server code had a flaw that incorrectly understands some requests
with multiple transfer-encoding headers to have a chunked payload, when it
should have been rejected as illegal. This combined with an upstream HTTP proxy
that understands the request payload boundary differently can result in
“request smuggling” or “desync attacks”.
Related
osv
osv
HTTP Request Smuggling in hyper
2021-08-25 20:56:18
Multiple Transfer-Encoding headers misinterprets request payload
2021-02-05 12:00:00
CVE-2021-21299
2021-02-11 18:15:16
debiancve
debiancve
CVE-2021-21299
2021-02-11 18:15:16
ubuntucve
ubuntucve
CVE-2021-21299
2021-02-11 00:00:00
cvelist
cvelist
cve
cve
CVE-2021-21299
2021-02-11 18:15:16
CVE-2021-26959
2021-02-09 23:15:14
nvd
nvd
CVE-2021-21299
2021-02-11 18:15:16
CVE-2021-26959
2021-02-09 23:15:14
github
github
HTTP Request Smuggling in hyper
2021-08-25 20:56:18
prion
prion
Design/Logic Flaw
2021-02-11 18:15:00