Lucene search
K

23 matches found

OSV
OSV
added 2026/06/22 12:8 p.m.2 views

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References22
OSV
OSV
added 2026/06/18 9:28 p.m.6 views

MGASA-2026-0226 Updated ruby-rack packages fix security vulnerabilities

CVE-2026-26961 Greedy multipart boundary parsing can cause parser differentials and WAF bypass. Forwarded header semicolon injection enables Host and Scheme spoofing. CVE-2026-34230 Quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header. CVE-2026-34763 Root...

7.5CVSS5.2AI score0.00475EPSS
Exploits2References14
OSV
OSV
added 2026/06/17 8:17 p.m.4 views

DEBIAN-CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/05/18 8:10 a.m.14 views

Security update for rmt-server

This update for rmt-server fixes the following issues CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471...

8.7CVSS5.8AI score0.0043EPSS
Exploits0References42
OSV
OSV
added 2026/05/18 8:10 a.m.8 views

SUSE-SU-2026:1964-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References22
OSV
OSV
added 2026/04/25 5:50 a.m.5 views

OESA-2026-2084 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...

5.8CVSS5.4AI score0.00297EPSS
Exploits1References2
NVD
NVD
added 2026/04/13 5:16 p.m.10 views

CVE-2026-33555

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...

5.8CVSS0.00297EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33555

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length wh...

5.8CVSS5.8AI score0.00297EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/02 6:20 p.m.6 views

Improper Handling of Length Parameter Inconsistency

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

6.5CVSS5.9AI score0.00147EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 4:43 p.m.2 views

CVE-2026-34831 Rack: Content-Length mismatch in Rack::Files error responses

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.11 views

CVE-2025-61258

Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...

7.5CVSS6.6AI score0.00515EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.7 views

EUVD-2025-202263

An issue was discovered in Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via crafted content-length value mismatching the body length...

6.2AI score0.00515EPSS
Exploits1References4
OSV
OSV
added 2025/12/09 6:15 p.m.4 views

CVE-2025-61258

Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...

7.5CVSS5.8AI score0.00515EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

Outsystems Platform Server 安全漏洞

Outsystems Platform Server is a core component of a low-code development platform from Outsystems, USA. A security vulnerability exists in Outsystems Platform Server version 11.18.1.37828, which stems from a mismatch between the value of the specially crafted content-length and the length of the...

7.5CVSS6.5AI score0.00515EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/09 12:0 a.m.22 views

CVE-2025-61258

Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...

0.00515EPSS
Exploits1References3
CVE
CVE
added 2025/12/09 12:0 a.m.12 views

CVE-2025-61258

CVE-2025-61258 affects Outsystems Platform Server 11.18.1.37828. Multiple sources confirm a denial-of-service vulnerability caused by a mismatch between a crafted Content-Length value and the actual body length. The Red Hat and NVD entries, along with EUVD/CNNVD/CVE records, consistently describe...

7.5CVSS6.2AI score0.00515EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-5659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. CVE-2017-5659 Note that Nessus...

7.5CVSS7.3AI score0.02958EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/09/21 12:0 a.m.3 views

The vulnerability of the HTTP Daemon server relates to inconsistent interpretation of HTTP requests, allowing attackers to exploit their privileges.

The vulnerability of the HTTP Daemon is related to the inconsistent interpretation of HTTP requests when processing the 'Content-Length' header value. Exploiting this vulnerability allows a remote attacker to enhance their privileges by sending specially crafted hidden HTTP requests HTTP Request...

7.5CVSS6.5AI score0.02108EPSS
Exploits1References15Affected Software8
RedHat Linux
RedHat Linux
added 2020/08/18 4:24 p.m.2 views

keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body

A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availabilit...

7.5CVSS5.7AI score0.02242EPSS
Exploits0References4
CNVD
CNVD
added 2017/05/15 12:0 a.m.3 views

Apache Traffic Server Denial of Service Vulnerability

Apache Traffic Server is scalable HTTP/1.1 compliant caching proxy server. A security vulnerability exists in Apache Traffic Server versions prior to 6.2.1. It allows an attacker to cause a denial of service due to improper matching between content length and block encoding...

6.7AI score
Exploits0References1
Rows per page
Query Builder