EUVD-2026-19603

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

cpp-httplib 安全漏洞

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A security vulnerability exists in cpp-httplib versions prior to 0.23.0, which stems from a Transfer-Encoding: chunked header that could cause the server to run out of memory...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

Security Bulletin: Open Source Apache Tomcat vulnerability (CVE-2014-0227)

Summary Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. An attacker could exploit this vulnerability to poison the web cache, bypa...

ModSecurity < 2.7.6 Chunked Header Filter Bypass

According to its banner, the version of ModSecurity installed on the remote host is prior to 2.7.6. It is, therefore, potentially affected by a filter bypass vulnerability. A filter bypass vulnerability exists with 'modsecurity.c' not properly handling chunked requests. A remote attacker, with a...

UBUNTU-CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...