Lucene search
K

178 matches found

RedHat Linux
RedHat Linux
added 2023/05/18 12:14 a.m.4 views

haproxy: request smuggling attack in HTTP/1 header parsing

A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

9.1CVSS5.7AI score0.05493EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/04/18 12:0 a.m.87 views

Golang < 1.19.8 / 1.20.x < 1.20.3 Multiple Vulnerabilities

The version of Golang Go installed on the remote host is affected by multiple vulnerabilities, as follows: - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can...

9.8CVSS6.8AI score0.02281EPSS
Exploits0References8
OSV
OSV
added 2023/04/15 7:3 p.m.9 views

MGASA-2023-0145 Updated golang packages fix security vulnerability

DOS due to incorrect HTTP and MIME header parsing CVE-2023-24534 DOS due to incorrect Multipart form parsing CVE-2023-24536 Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

9.8CVSS8.9AI score0.02281EPSS
Exploits0References7
Prion
Prion
added 2023/04/14 7:15 p.m.32 views

Design/Logic Flaw

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

5CVSS7.2AI score0.01085EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/14 6:15 p.m.12 views

CVE-2023-29013 HTTP header parsing could cause a deny of service

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

7.5CVSS7.4AI score0.01085EPSS
Exploits0References5
OSV
OSV
added 2023/04/06 4:15 p.m.8 views

AZL-52878 CVE-2023-24534 affecting package golang for versions less than 1.20.7-1

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

7.5CVSS6.7AI score0.01888EPSS
Exploits0References1
OSV
OSV
added 2023/04/06 4:15 p.m.4 views

AZL-26027 CVE-2023-24534 affecting package msft-golang for versions less than 1.20.7-1

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

7.5CVSS6.6AI score0.01888EPSS
Exploits0References1
OSV
OSV
added 2023/04/06 4:15 p.m.8 views

AZL-79066 CVE-2023-24534 affecting package golang 1.25.7-1

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

7.5CVSS6.6AI score0.01888EPSS
Exploits0References1
OSV
OSV
added 2023/04/06 4:15 p.m.6 views

AZL-37484 CVE-2023-24534 affecting package golang for versions less than 1.21.6-1

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

7.5CVSS6.6AI score0.01888EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/03/21 2:50 p.m.2 views

haproxy: request smuggling attack in HTTP/1 header parsing

A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

9.1CVSS5.7AI score0.05493EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2023/03/10 12:0 a.m.42 views

traefik -- Use of vulnerable Go modules net/http, net/textproto

The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...

7.5CVSS8.4AI score0.01888EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:32 p.m.77 views

K43709560: Apache Tomcat vulnerability CVE-2020-1935

Security Advisory Description In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat w...

5.8CVSS8AI score0.09386EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.6 views

SUSE CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...

5CVSS6.7AI score0.04813EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.5 views

SUSE CVE-2012-5533

The httprequestsplitvalue function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service infinite loop via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header...

5CVSS6.8AI score0.12038EPSS
Exploits7References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.4 views

SUSE CVE-2020-1935

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

4.8CVSS7.2AI score0.09386EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/15 12:0 a.m.40 views

SUSE SLES15 Security Update : haproxy (SUSE-SU-2023:0412-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0412-1 advisory. - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser bsc1208132. - CVE-2023-0056: Fixed denial of service via crash in...

9.1CVSS6.8AI score0.05493EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/08/10 6:15 a.m.2 views

CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5CVSS5.9AI score0.01849EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/08/10 6:15 a.m.1 views

DEBIAN-CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5CVSS7.3AI score0.01849EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/10 6:15 a.m.3 views

CVE-2022-31779

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5CVSS5.4AI score0.01886EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/07/13 9:15 p.m.4 views

CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References1
Rows per page
Query Builder