15 matches found
Starman 环境问题漏洞
Starman is a high-performance pre-derived web server developed by Tatsuhiko Miyagawa. Versions of Starman prior to 0.4018 contained an environmental issue vulnerability. This vulnerability stemmed from the HTTP request intercalation technique. Due to improper handling of header priorities, Starma...
Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1371)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : cpp-httplib vulnerability (USN-7962-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7962-1 advisory. It was discovered that cpp-httplib did not correctly handle HTTP headers. A remote attacker could possibly use this issue to bypass...
MiracleLinux 7 : httpd24-nghttp2-1.7.1-7.el7, httpd24-curl-7.61.1-1.el7, httpd24-httpd-2.4.34-7.el7 (AXSA:2019-3739:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3739:01 advisory. httpd: Improper handling of headers in modsession can allow a remote user to modify session data for CGI applications CVE-2018-1283 httpd: Out of...
USN-7962-1 cpp-httplib vulnerability
It was discovered that cpp-httplib did not correctly handle HTTP headers. A remote attacker could possibly use this issue to bypass authorization and impersonate users...
PbootCMS 安全漏洞
PbootCMS is PbootCMS open source an open source enterprise website content management system CMS developed using PHP language. A security vulnerability exists in PbootCMS 3.2.12 and earlier versions, which stems from the incorrect operation of the Header Handler component function getuserip on th...
CVE-2025-13803 MediaCrush Header paths.py http headers for scripting syntax
A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be...
USN-7568-1 requests vulnerabilities
Dennis Brinkrolf and Tobias Funke discovered that Requests did not correctly handle certain HTTP headers. A remote attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 14.04 LTS. CVE-2023-32681 Juho Forsén discovered that Requests did not correctly...
The vulnerability of the netdevsim component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the netdevsim component in the Linux operating system’s kernel is related to improper handling of the network packet header in the nsimdevhealthbreakwrite function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the aiohttp HTTP client, related to deficiencies in handling HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the aiohttp HTTP client is related to deficiencies in the handling of HTTP request headers. Exploiting this vulnerability allows an attacker to send hidden HTTP requests remotely HTTP Request Smuggling attack...
SUSE CVE-2019-19886
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...
Information Exposure
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure due to improper handling of HTTP headers in filelib.php. An attacker can access sensitive information by intercepting requests to a caching proxy server that has previously...
haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0xd, line feed LF, ASCII 0xa, and the zero character NUL, ASCII 0x0, aka Intermediary Encapsulation Attacks...
DEBIAN-CVE-2019-19886
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...
CVE-2019-19240
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...