Lucene search
K

26 matches found

RedHat Linux
RedHat Linux
added 2022/02/03 12:12 p.m.72 views

varnish: HTTP/1 request smuggling vulnerability

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an additional request...

9.1CVSS7AI score0.01973EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/01/26 1:15 a.m.6 views

CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...

9.1CVSS5.3AI score0.01973EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/10/20 11:29 a.m.3 views

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

5.9CVSS7.1AI score0.04935EPSS
Exploits0References5
OSV
OSV
added 2021/04/06 5:31 p.m.4 views

GHSA-26VR-8J45-3R4W Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources

Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. Workarounds The problem can be worked around by compiling the...

7.5CVSS7.2AI score0.53861EPSS
Exploits1References109
RedHat Linux
RedHat Linux
added 2021/03/16 1:19 p.m.5 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/03/05 7:1 p.m.14 views

envoy: Response flooding for HTTP/1.1

A resource consumption vulnerability was found in the servicemesh-proxy in Envoy. An attacker could use pipelined requests to cause excessive amounts of memory to be used, possibly degrading or crashing the application...

7.5CVSS7AI score0.01823EPSS
Exploits0References5
Rows per page
Query Builder