23 matches found
SUSE-SU-2026:2487-1 Security update for rmt-server
This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...
MGASA-2026-0226 Updated ruby-rack packages fix security vulnerabilities
CVE-2026-26961 Greedy multipart boundary parsing can cause parser differentials and WAF bypass. Forwarded header semicolon injection enables Host and Scheme spoofing. CVE-2026-34230 Quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header. CVE-2026-34763 Root...
DEBIAN-CVE-2026-54387
Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...
Security update for rmt-server
This update for rmt-server fixes the following issues CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471...
SUSE-SU-2026:1964-1 Security update for rmt-server
This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...
OESA-2026-2084 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...
CVE-2026-33555
An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...
Linux Distros Unpatched Vulnerability : CVE-2026-33555
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length wh...
Improper Handling of Length Parameter Inconsistency
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
CVE-2026-34831 Rack: Content-Length mismatch in Rack::Files error responses
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...
CVE-2025-61258
Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...
EUVD-2025-202263
An issue was discovered in Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via crafted content-length value mismatching the body length...
CVE-2025-61258
Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...
Outsystems Platform Server 安全漏洞
Outsystems Platform Server is a core component of a low-code development platform from Outsystems, USA. A security vulnerability exists in Outsystems Platform Server version 11.18.1.37828, which stems from a mismatch between the value of the specially crafted content-length and the length of the...
CVE-2025-61258
Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this...
CVE-2025-61258
CVE-2025-61258 affects Outsystems Platform Server 11.18.1.37828. Multiple sources confirm a denial-of-service vulnerability caused by a mismatch between a crafted Content-Length value and the actual body length. The Red Hat and NVD entries, along with EUVD/CNNVD/CVE records, consistently describe...
Linux Distros Unpatched Vulnerability : CVE-2017-5659
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. CVE-2017-5659 Note that Nessus...
The vulnerability of the HTTP Daemon server relates to inconsistent interpretation of HTTP requests, allowing attackers to exploit their privileges.
The vulnerability of the HTTP Daemon is related to the inconsistent interpretation of HTTP requests when processing the 'Content-Length' header value. Exploiting this vulnerability allows a remote attacker to enhance their privileges by sending specially crafted hidden HTTP requests HTTP Request...
keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body
A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availabilit...
Apache Traffic Server Denial of Service Vulnerability
Apache Traffic Server is scalable HTTP/1.1 compliant caching proxy server. A security vulnerability exists in Apache Traffic Server versions prior to 6.2.1. It allows an attacker to cause a denial of service due to improper matching between content length and block encoding...