CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

98 matches found

CVE•added 2020/05/22 2:55 p.m.•239 views

CVE-2020-11077

CVE-2020-11077 affects the Puma RubyGem HTTP server. It describes an HTTP request/response smuggling scenario where a proxy with persistent connections and HTTP pipelining can cause the proxy to deliver a second response to the wrong client, due to how Puma parses the first request and its body. ...

7.5CVSS6.9AI score0.00821EPSS

Exploits0References6Affected Software1

Debian CVE•added 2020/05/22 2:55 p.m.•48 views

CVE-2020-11077

In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...

7.5CVSS7.6AI score0.00821EPSS

Exploits0

OSV•added 2020/05/22 2:55 p.m.•39 views

GHSA-W64W-QQPH-5GXM HTTP Smuggling via Transfer-Encoding Header in Puma

Impact This is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via...

6.8CVSS7.4AI score0.00821EPSS

Exploits0References9

OSV•added 2020/05/21 3:15 p.m.•14 views

CVE-2020-7655

netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks...

6.1CVSS6.3AI score

Exploits0References1

CVE•added 2020/05/21 2:15 p.m.•71 views

CVE-2020-7655

Netted details show that netius before 1.17.58 is vulnerable to HTTP Request Smuggling due to incorrect Transfer-Encoding header parsing, enabling CL:TE or TE:TE-style attacks. Affected component is netius (Python library/server) prior to version 1.17.58. Remediation per the sources is to upgrade...

6.1CVSS6.2AI score0.00238EPSS

Exploits0References1Affected Software1

RedHat Linux•added 2020/03/05 12:2 p.m.•5 views

waitress: HTTP request smuggling through invalid Transfer-Encoding

An HTTP-interpretation flaw was found in waitress which did not properly validate incoming HTTP headers. When parsing the Transfer-Encoding header, waitress would look only for a single string value. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the...

7.5CVSS7.1AI score0.00795EPSS

Exploits0References5

OSV•added 2020/01/22 7:15 p.m.•21 views

CVE-2019-16792

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...

7.5CVSS7.2AI score

Exploits0References5

OSV•added 2020/01/22 7:15 p.m.•1 views

UBUNTU-CVE-2019-16792

7.5CVSS6.7AI score0.00851EPSS

Exploits0References4

UbuntuCve•added 2020/01/22 7:15 p.m.•35 views

CVE-2019-16792

7.5CVSS6.8AI score0.00851EPSS

Exploits0References3

OSV•added 2020/01/22 7:15 p.m.•29 views

PYSEC-2020-178

7.5CVSS0.9AI score0.00851EPSS

Exploits0References4

OSV•added 2020/01/22 7:15 p.m.•10 views

PYSEC-2020-197

0.9AI score

Exploits0References3

Debian CVE•added 2020/01/22 6:30 p.m.•21 views

CVE-2019-16792

7.5CVSS7.3AI score0.00851EPSS

Exploits0

Cvelist•added 2020/01/22 6:30 p.m.•21 views

CVE-2019-16792 HTTP Request Smuggling: Content-Length Sent Twice in Waitress

7.1CVSS7.3AI score0.00851EPSS

Exploits0References5

RedhatCVE•added 2020/01/15 7:39 p.m.•27 views

CVE-2019-16786

7.5CVSS0.4AI score0.00795EPSS

Exploits0References4

OSV•added 2019/12/26 5:15 p.m.•1 views

DEBIAN-CVE-2019-16789

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...

8.2CVSS6.2AI score0.01002EPSS

Exploits0References1

Debian CVE•added 2019/12/26 4:40 p.m.•26 views

CVE-2019-16789

8.2CVSS6.3AI score0.01002EPSS

Exploits0

Veracode•added 2019/12/23 7:27 a.m.•58 views

HTTP Request Smuggling

waitress is vulnerable HTTP request smuggling. The vulnerability exists because the library mishandled HTTP request header by not correctly parsing the Transfer-Encoding header, causing the parser to use Content-Length header instead to determine the HTTP message body size, ignoring the requests...

7.5CVSS0.6AI score0.00795EPSS

Exploits0References10Affected Software3

OSV•added 2019/12/20 11:15 p.m.•2 views

DEBIAN-CVE-2019-16786

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with t...

7.5CVSS6.3AI score0.00795EPSS

Exploits0References1