363 matches found
Siemens SENTRON 7KT PAC1261 HTTP Request/Response Smuggling (CVE-2025-22871)
The Go net/http package incorrectly treats a bare line feed LF as a valid line terminator in chunked transfer data. This flaw can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as a line terminator. This plugin only works with...
osbuild-composer security update
An update is available for osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images an...
RHCOS 4 : OpenShift Container Platform 4.18.21 (RHSA-2025:11678)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:11678 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...
RHCOS 4 : OpenShift Container Platform 4.15.55 (RHSA-2025:11352)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:11352 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...
RHCOS 4 : OpenShift Container Platform 4.18.20 (RHSA-2025:10768)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10768 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...
RHCOS 4 : OpenShift Container Platform 4.12.78 (RHSA-2025:10271)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10271 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...
RHCOS 4 : OpenShift Container Platform 4.19.1 (RHSA-2025:9279)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9279 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...
Photon OS 4.0: Go PHSA-2026-4.0-0968
An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0968. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid300118...
containernetworking-plugins security update
1:1.7.1-3 - Rebuild for new golang to address CVE-2025-61726 - Resolves: RHEL-146859 1:1.7.1-2 - rebuild for CVE-2025-22871 - Resolves: RHEL-90030...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2025-10031:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10031:01 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 9 : skopeo-1.18.1-2.el9_6 (AXSA:2025-10550:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10550:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 8 : grafana-pcp-5.1.1-10.el8_10 (AXSA:2025-10022:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10022:01 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 9 : buildah-1.39.4-2.el9_6 (AXSA:2025-10547:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10547:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 9 : git-lfs-3.6.1-2.el9_6 (AXSA:2025-10545:05)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10545:05 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 9 : osbuild-composer-132.2-2.el9_6.ML.1 (AXSA:2025-10647:06)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10647:06 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 9 : opentelemetry-collector-0.127.0-1.el9_6 (AXSA:2025-10719:05)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10719:05 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 8 : grafana-9.2.10-25.el8_10 (AXSA:2025-10021:06)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10021:06 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 9 : golang-1.23.9-1.el9_6 (AXSA:2025-10534:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10534:02 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 9 : podman-5.4.0-10.el9_6 (AXSA:2025-10671:08)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10671:08 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This...