12 matches found

Vulnrichment
added 2026/03/27 4:13 p.m. | 5 views

CVE-2026-28368 Undertow: undertow: request smuggling via inconsistent header parsing

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

CVSS 8.7 | AI score 5.9 | EPSS 0.00704
Exploits: 0 | References: 4
RedhatCVE
added 2026/03/05 1:39 p.m. | 5 views

CVE-2026-27444

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

CVSS 7.8 | AI score 5.9 | EPSS 0.00213
Exploits: 0 | References: 1
NVD
added 2026/03/04 9:15 a.m. | 4 views

CVE-2026-27444

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

CVSS 7.8 | EPSS 0.00213
Exploits: 0 | References: 1
AstraLinux
added 2025/11/01 10:54 a.m. | 3 views

Astra Linux – Vulnerability in Python 3.11

When an address list is folded, and the separating comma ends up on a folded line that needs to be encoded using Unicode, then the separator itself must also be encoded using Unicode. The expected behavior is that the separating comma remains a plain comma. However, this can lead to the address...

CVSS 2.3 | AI score 6.4 | EPSS 0.00566
Exploits: 0 | References: 3
OSV
added 2025/02/28 7:15 p.m. | 1 view

DEBIAN-CVE-2025-1795

During address list folding, when a separating comma ends up on a folded line and that line is to be unicode-encoded, then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plain comma. This can result in the address header being misinterpreted...

CVSS 2.3 | AI score 6.1 | EPSS 0.00566
Exploits: 0 | References: 1
BDU FSTEC
added 2025/02/17 12:0 a.m. | 6 views

The vulnerability of the Header MVC framework for developing web systems and applications in CodeIgniter allows an attacker to trigger a service failure.

The vulnerability of the Header MVC framework used for developing web systems and applications in CodeIgniter relates to conflicts in interpretation when processing HTTP headers’ names and values. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 5.3 | AI score 5.4 | EPSS 0.00477
Exploits: 0 | References: 5 | Affected Software: 1
RedHat Linux
added 2024/01/02 8:58 a.m. | 3 views

Mozilla: Truncated signed text was shown with a valid OpenPGP signature

The Mozilla Foundation Security Advisory: When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header...

CVSS 4.3 | AI score 7.3 | EPSS 0.00633
Exploits: 0 | References: 5
RedHat Linux
added 2024/01/02 8:32 a.m. | 4 views

Mozilla: Truncated signed text was shown with a valid OpenPGP signature

The Mozilla Foundation Security Advisory: When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header...

CVSS 4.3 | AI score 7.3 | EPSS 0.00633
Exploits: 0 | References: 5
BDU FSTEC
added 2021/10/15 12:0 a.m. | 5 views

The vulnerability of the LLHTTP component in the NodeJS object manipulation software, which allows attackers to escalate their privileges.

The vulnerability of the LLHTTP component in the NodeJS object manipulation software lies in inconsistencies during the interpretation of HTTP request headers. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...

CVSS 10 | AI score 6.6 | EPSS 0.02299
Exploits: 1 | References: 5 | Affected Software: 2
BDU FSTEC
added 2021/10/15 12:0 a.m. | 5 views

The vulnerability of the LLHTTP component of the NodeJS object manipulation software allows attackers to escalate their privileges.

The vulnerability of the LLHTTP component in the NodeJS object manipulation software lies in inconsistencies during the interpretation of HTTP request headers. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...

CVSS 10 | AI score 6.6 | EPSS 0.02936
Exploits: 1 | References: 5 | Affected Software: 2
GitHub Security Blog
added 2020/02/21 6:55 p.m. | 236 views

HTTP Request Smuggling in Netty

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...

CVSS 9.1 | AI score 0.9 | EPSS 0.08678
Exploits: 1 | References: 120 | Affected Software: 3
RedhatCVE
added 2019/09/26 2:21 p.m. | 30 views

CVE-2019-16276

It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or ...

CVSS 7.5 | AI score 0.8 | EPSS 0.05157
Exploits: 0 | References: 4