Lucene search
16600 matches found

GithubExploit
added 2024/09/23 4:11 p.m. · 74 views

Exploit for CVE-2024-7954

RCECVE-2024-7954 Description: The porteplume plugin used by...

9.8 CVSS · 9.8 AI score · 0.89783 EPSS
Exploits: 10

RedhatCVE
added 2024/09/23 5:10 a.m. · 15 views

CVE-2024-47220

A flaw was found in the webrick toolkit. This issue occurs because the server incorrectly handles requests with both Content-Length and Transfer-Encoding headers. This can allow an attacker to sneak in an extra request such as GET /admin after the normal request POST /user. As a result,...

7.5 CVSS · 6.5 AI score · 0.00393 EPSS
Exploits: 0 · References: 5

Redos
added 2024/09/23 12:0 a.m. · 13 views

ROS-20240923-04

A vulnerability in the Node.js software platform is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow a remote attacker to send a covert HTTP request (an HTTP Request Smuggling attack). HTTP Request Smuggling...

6.5 CVSS · 7 AI score · 0.01155 EPSS
Exploits: 0

Github Security Blog
added 2024/09/22 3:30 a.m. · 60 views

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.8 AI score · 0.00393 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2024/09/22 3:30 a.m. · 13 views

GHSA-6F62-3596-G6W7 HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

7.5 CVSS · 7.4 AI score · 0.00393 EPSS
Exploits: 0 · References: 8

OSV
added 2024/09/22 1:15 a.m. · 3 views

DEBIAN-CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.5 AI score · 0.00393 EPSS
Exploits: 0 · References: 1

NVD
added 2024/09/22 1:15 a.m. · 18 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

0.00393 EPSS
Exploits: 0 · References: 4

OSV
added 2024/09/22 1:15 a.m. · 17 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.9 AI score
Exploits: 0 · References: 4

RubySec
added 2024/09/22 12:0 a.m. · 13 views

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webri...

6.7 AI score · 0.00393 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/09/22 12:0 a.m. · 22 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

0.00393 EPSS
Exploits: 0 · References: 4

CVE
added 2024/09/22 12:0 a.m. · 371 views

CVE-2024-47220

The CVE-2024-47220 issue affects the WEBrick toolkit in Ruby (through 1.8.1). It enables HTTP request smuggling by sending both Content-Length and Transfer-Encoding in the same request, e.g., a crafted GET line embedded in a POST request. The advisory notes WEBrick should not be used in productio...

7.2 AI score · 0.00393 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/09/22 12:0 a.m. · 14 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.9 AI score · 0.00393 EPSS
Exploits: 0 · References: 4

Debian CVE
added 2024/09/22 12:0 a.m. · 13 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.5 AI score · 0.00393 EPSS
Exploits: 0

Positive Technologies
added 2024/09/21 12:0 a.m. · 5 views

PT-2024-32484 · Ruby +4 · Webrick +4

Name of the Vulnerable Software and Affected Versions: WEBrick toolkit versions through 1.8.1 Description: An issue was discovered in the WEBrick toolkit for Ruby, allowing HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header. This can be achieved, for...

8.7 CVSS · 6.7 AI score · 0.01429 EPSS
Exploits: 0 · References: 72

IBM Security Bulletins
added 2024/09/20 9:20 p.m. · 31 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in urllib3-1.26.18-py2.py3-none-any.whl

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of urllib3-1.26.18-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip...

6.5 CVSS · 4.9 AI score · 0.01141 EPSS
Exploits: 1 · Affected Software: 1

AlpineLinux
added 2024/09/19 10:51 p.m. · 14 views

CVE-2024-45410

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...

9.8 CVSS · 8.6 AI score · 0.01513 EPSS
Exploits: 0

NVD
added 2024/09/19 5:15 p.m. · 17 views

CVE-2024-8651

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9 CVSS · 0.00427 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/09/19 4:30 p.m. · 24 views

CVE-2024-8651 Netcat CMS: user enumeration

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9 CVSS · 0.00427 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/09/19 4:30 p.m. · 28 views

CVE-2024-8651 Netcat CMS: user enumeration

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9 CVSS · 7.1 AI score · 0.00427 EPSS
Exploits: 0 · References: 1

CVE
added 2024/09/19 4:30 p.m. · 45 views

CVE-2024-8651

CVE-2024-8651 — NetCat CMS: user enumeration involves a vulnerability where an attacker can send a specially crafted HTTP request to check whether a user exists in the system. Affected are NetCat CMS versions around 6.4.0.24126.2 up to 6.4.0.24247, with a patch available starting from 6.4.0.24248...

6.9 CVSS · 5.3 AI score · 0.00427 EPSS
Exploits: 0 · References: 1 · Affected Software: 1