734 matches found

Github Security Blog
added 2023/04/21 8:27 p.m. | 20 views

Improper header validation in httpsoft/http-message

Impact: Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches: The issue is patched in 1.0.12. Workarounds: The...

CVSS 7.5 | AI score 6.4 | EPSS 0.01216
Exploits 0 | References 4 | Affected Software 1
OSV
added 2023/04/21 8:27 p.m. | 33 views

GHSA-9JXR-MWPP-W643 Improper header validation in httpsoft/http-message

Impact: Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches: The issue is patched in 1.0.12. Workarounds: The...

CVSS 5.3 | AI score 5.8 | EPSS 0.01216
Exploits 0 | References 4
Veracode
added 2023/04/19 11:51 a.m. | 29 views

HTTP Request Smuggling

slim/psr7 is vulnerable to Insecure Header Validation. The vulnerability exists in the validateHeaderName function in Headers.php, which allows an attacker to sneak in a newline \n into header names and values, potentially resulting in HTTP cache poisoning or phishing attacks...

CVSS 6.5 | AI score 6.2 | EPSS 0.00743
Exploits 0 | References 4 | Affected Software 1
Positive Technologies
added 2023/04/19 12:00 a.m. | 7 views

PT-2023-32955 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.5.8. Description: The issue is related to improper header validation for the name and value, which could allow a potential attacker to construct deliberately malformed headers using the Header class. This could...

CVSS 7.5 | AI score 6.3 | EPSS 0.01216
Exploits 0 | References 28
OSV
added 2023/04/18 10:20 p.m. | 39 views

GHSA-Q2QJ-628G-VHFW Insecure header validation in slim/psr7

Impact: An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slim-Ps...

CVSS 6.5 | AI score 6.1 | EPSS 0.00743
Exploits 0 | References 9
Cvelist
added 2023/04/17 9:17 p.m. | 26 views

CVE-2023-30536 Insecure header validation in slim/psr7

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

CVSS 6.5 | AI score 6.9 | EPSS 0.00743
Exploits 0 | References 3
Vulnrichment
added 2023/04/17 9:17 p.m. | 7 views

CVE-2023-30536 Insecure header validation in slim/psr7

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

CVSS 6.5 | AI score 6.5 | EPSS 0.00743
Exploits 0 | References 3
BDU FSTEC
added 2023/04/12 12:00 a.m. | 6 views

The vulnerability in the implementation of the mTLS protocol for the Envoy proxy server allows an attacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the mTLS protocol implementation in Envoy proxy servers is related to insufficient validation of input data during the processing of HTTP headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests (HTTP Request Smuggling attack)...

CVSS 9.4 | AI score 7.7 | EPSS 0.00507
Exploits 1 | References 6 | Affected Software 2
NVD
added 2023/04/04 5:15 p.m. | 20 views

CVE-2023-1751

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which...

CVSS 7.5 | AI score 7.6 | EPSS 0.00586
Exploits 0 | References 1
OSV
added 2023/03/10 9:15 p.m. | 3 views

CVE-2023-24975

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID...

CVSS 6.1 | AI score 6.3 | EPSS 0.00409
Exploits 0 | References 2
OSV
added 2023/03/02 7:02 p.m. | 5 views

CLSA-2023-1677783720 tar: Fix of CVE-2022-48303

CVE-2022-48303: check for the end of field after leading byte 0x80 or 0xff of base-256 encoded header value...

CVSS 5.5 | AI score 6.4 | EPSS 0.04524
Exploits 1 | References 1
SUSE CVE
added 2023/02/15 5:02 a.m. | 4 views

SUSE CVE-2016-4544

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data...

CVSS 9.8 | AI score 9.3 | EPSS 0.06689
Exploits 1 | References 7
SUSE CVE
added 2023/02/15 4:53 a.m. | 4 views

SUSE CVE-2016-10721

partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application...

CVSS 9.8 | AI score 8.1 | EPSS 0.02184
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:48 a.m. | 5 views

SUSE CVE-2017-6596

partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application...

CVSS 5.5 | AI score 7.3 | EPSS 0.00788
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:05 a.m. | 2 views

SUSE CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

CVSS 5.3 | AI score 8.8 | EPSS 0.06304
Exploits 0 | References 65
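The two tar entries above, the base-256 numeric field of CVE-2022-48303 and the pax record length of CVE-2019-20907, describe the same failure mode: a header field whose length or terminator is never checked against the end of the buffer, so the reader either runs past the field or never advances. The following is an added example written for this page, not GNU tar's or CPython's code: a decoder for tar numeric fields that refuses a base-256 field with no digit bytes, and a pax record parser that refuses any record whose length would not move the cursor forward. The names decode_numeric, parse_pax_records, make_pax_record and raises are this example's own, and every record it feeds itself is constructed.

```python
import re

_OCTAL_RE = re.compile(rb"[0-7]+")
_PAX_RE = re.compile(rb"(\d+) ")


def decode_numeric(field: bytes) -> int:
    """Decode a tar numeric field: NUL/space-terminated octal, or GNU base-256
    when bit 7 of the first byte is set (lead byte 0x80 positive, 0xff negative)."""
    if not field:
        raise ValueError("empty numeric field")
    lead = field[0]
    if lead & 0x80:
        # Base-256: bit 6 of the lead byte is the sign; its low 7 bits followed
        # by the remaining bytes are the magnitude in two's complement.
        # The end-of-field check has to happen *before* the first digit byte is
        # read, which is the point of the CVE-2022-48303 fix. Assumption for
        # this example: a field made only of the lead byte is rejected.
        digits = field[1:]
        if not digits:
            raise ValueError("base-256 field has no digit bytes")
        width = 7 + 8 * len(digits)
        value = int.from_bytes(bytes([lead & 0x7F]) + digits, "big")
        if lead & 0x40:
            value -= 1 << width
        return value
    text = field.split(b"\0", 1)[0].strip(b" ")
    if not text:
        return 0
    if not _OCTAL_RE.fullmatch(text):
        raise ValueError(f"invalid octal field: {field!r}")
    return int(text, 8)


def parse_pax_records(buf: bytes) -> dict:
    """Parse "<len> <key>=<value>\\n" records; <len> counts the whole record,
    its own digits and the newline included. A length that does not advance
    the cursor (length 0 is the CVE-2019-20907 case) is rejected, so the loop
    cannot spin forever on a crafted archive."""
    records = {}
    pos = 0
    while pos < len(buf):
        m = _PAX_RE.match(buf, pos)
        if not m:
            raise ValueError(f"malformed pax record at offset {pos}")
        length = int(m.group(1))
        end = pos + length
        if end <= m.end() or end > len(buf) or buf[end - 1:end] != b"\n":
            raise ValueError(f"bad pax record length {length} at offset {pos}")
        key, sep, value = buf[m.end():end - 1].partition(b"=")
        if not sep or not key:
            raise ValueError(f"pax record without key=value at offset {pos}")
        records[key.decode("utf-8")] = value.decode("utf-8")
        pos = end
    return records


def make_pax_record(key: str, value: str) -> bytes:
    """Encode one record; the length field must include its own digit count."""
    body = f" {key}={value}\n".encode("utf-8")
    digits = 1
    while len(str(len(body) + digits)) != digits:
        digits += 1
    return str(len(body) + digits).encode() + body


def raises(fn, *args) -> bool:
    """True if fn(*args) raises ValueError (used to exercise the rejections)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(decode_numeric(b"00000000644\0"))                    # octal mode field
    print(decode_numeric(b"\x80" + b"\0" * 10 + b"\x01"))      # base-256 size 1
    print(decode_numeric(b"\xff" * 12))                         # base-256 -1
    good = make_pax_record("path", "some/file") + make_pax_record("size", "42")
    print(parse_pax_records(good))
    # Constructed malformed records: zero length, and length past the buffer.
    print(raises(parse_pax_records, b"0 path=x\n"), raises(parse_pax_records, b"99 path=x\n"))
```

The pax check is stricter than "length != 0": it also requires the record to end in a newline and to stay inside the buffer, which catches lengths that are merely too small or too large rather than zero.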
SUSE CVE
added 2023/02/15 4:03 a.m. | 2 views

SUSE CVE-2020-5236

Waitress version 1.4.2 allows a DoS attack when Waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack, causing the process to use 100% CPU time and...

CVSS 6.8 | AI score 6.9 | EPSS 0.0262
Exploits 0 | References 3
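The Waitress entry above is a regular-expression denial of service: a header-value pattern with nested quantifiers has exponentially many ways to split a run of printable bytes, and the engine tries all of them before it can fail on the trailing control byte. The following added example, written for this page, shows a constructed regex of that shape (a stand-in for illustration, not Waitress's own pattern) beside a single-character-class replacement, and times both on input shaped like the advisory's "xxxxxxxxxxxxxxx\x10" value. VULNERABLE_VALUE_RE, SAFE_VALUE_RE, is_valid_value, timed_check and malformed_value are this example's own names.

```python
import re
import time

# Nested quantifiers: the inner '+' and the outer '*' can divide a run of
# printable characters between them in 2^(n-1) ways, and every division is
# tried before the match finally fails on the control byte at the end.
VULNERABLE_VALUE_RE = re.compile(r"(?:[\x21-\x7e]+[ \t]*)*")

# One character class under one quantifier: a single left-to-right scan.
SAFE_VALUE_RE = re.compile(r"[\t\x20-\x7e]*")


def is_valid_value(value: str, pattern) -> bool:
    # fullmatch() rather than match() with '$': in Python '$' also matches
    # just before a trailing newline, which would let "value\n" through.
    return pattern.fullmatch(value) is not None


def timed_check(value: str, pattern):
    """Return (valid, seconds) for one validation call."""
    start = time.perf_counter()
    ok = is_valid_value(value, pattern)
    return ok, time.perf_counter() - start


def malformed_value(n: int) -> str:
    """Constructed input in the shape of the advisory's example header:
    n printable bytes followed by the control byte 0x10."""
    return "x" * n + "\x10"


if __name__ == "__main__":
    # The vulnerable pattern gives the right answer (False) but its cost
    # roughly doubles with every extra printable byte.
    for n in (10, 14, 18, 20):
        ok, secs = timed_check(malformed_value(n), VULNERABLE_VALUE_RE)
        print(f"vulnerable n={n:<6} valid={ok} {secs:8.3f}s")
    ok, secs = timed_check(malformed_value(100_000), SAFE_VALUE_RE)
    print(f"safe       n=100000 valid={ok} {secs:8.3f}s")
```

Both patterns reach the same verdict; the fix is not a different grammar but a pattern whose failure is linear in the input length, which is what to look for when reviewing any regex that sits on an unauthenticated parsing path.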
SUSE CVE
added 2023/02/15 3:36 a.m. | 3 views

SUSE CVE-2021-43797

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning/end of the header name. It should instead fail fa...

CVSS 6.1 | AI score 7.1 | EPSS 0.02682
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 3:23 a.m. | 2 views

SUSE CVE-2022-41915

Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling DefaultHttpHeaders.set with an iterator of values, header value validation was not performed, allowing malicious header values in the iterator to...

CVSS 7.5 | AI score 7.9 | EPSS 0.00885
Exploits 1 | References 6
CNNVD
added 2023/02/08 12:00 a.m. | 5 views

IBM Sterling Secure Proxy cross-site scripting vulnerability

IBM Sterling Secure Proxy is an application proxy from International Business Machines (IBM) that is used to ensure the secure transfer of files in an organization's unprotected zone (DMZ). A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy version 6.0.3 that stems from improper...

CVSS 4.6 | AI score 4.8 | EPSS 0.00365
Exploits 0 | References 3
Snyk
added 2023/01/19 2:31 p.m. | 1 view

CRLF Injection

Overview: swift-server/async-http-client is an HTTP client library built on top of SwiftNIO. Affected versions of this package are vulnerable to CRLF Injection due to insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5 | AI score 7.2 | EPSS 0.00549
Exploits 0 | References 2
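The PSR-7 entries above (httpsoft/http-message, slim/psr7, CodeIgniter), the two Netty entries and this async-http-client entry share one bug class: a validator that looks only for the CRLF the specification names, so a bare LF in a name or value is emitted as-is, and a receiver that treats LF as a line break then reads it as a new header or, on LF LF, as the end of the header list. The following is an added example written for this page, not code from any of those projects: a lenient check beside an RFC 7230 check, a serializer that runs whichever check it is given, and a model of a lenient receiver, exercised on a constructed Content-Language value. Function and constant names are this example's own.

```python
import re

# RFC 7230 field-name: 1*tchar. That excludes SP, HTAB and every control
# character, so nothing is left to "skip" at either end of the name.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# RFC 7230 field-value: VCHAR, obs-text, SP and HTAB. CR, LF and all other
# controls are excluded.
_VALUE_RE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")


def lenient_check(name, value):
    """Looks only for the CRLF the spec names as the terminator, so a bare
    LF (0x0a) passes straight through: the bug class in the entries above."""
    if "\r\n" in name or "\r\n" in value:
        raise ValueError("CRLF in header")
    return name, value


def strict_check(name, value):
    r"""Reject anything outside the RFC 7230 grammar, lone LF included.
    fullmatch() rather than match() with '$': in Python '$' also matches
    just before a trailing newline, which would let "value\n" through."""
    if not _TOKEN_RE.fullmatch(name):
        raise ValueError(f"invalid header name: {name!r}")
    if not _VALUE_RE.fullmatch(value):
        raise ValueError(f"invalid header value: {value!r}")
    return name, value


def serialize(headers, check):
    """Emit the raw header block a server would write, after running `check`."""
    lines = [f"{n}: {v}" for n, v in (check(n, v) for n, v in headers)]
    return "\r\n".join(lines) + "\r\n\r\n"


def lenient_receiver(raw):
    """A peer that accepts a bare LF as a line break and LF LF as the end of
    the header list, the behaviour the advisories attribute to many servers."""
    parts = re.split(r"\r?\n\r?\n", raw, maxsplit=1)
    head = parts[0]
    body = parts[1] if len(parts) > 1 else ""
    headers = []
    for line in re.split(r"\r?\n", head):
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers, body


def response_as_seen_by_peer(language, check):
    """A response whose Content-Language is copied from request input."""
    headers = [("Content-Type", "text/html"), ("Content-Language", language)]
    return lenient_receiver(serialize(headers, check))


def rejects(check, name, value) -> bool:
    """True if `check` raises ValueError for this header."""
    try:
        check(name, value)
    except ValueError:
        return True
    return False


# Constructed attacker input: a bare LF adds a Set-Cookie header, and LF LF
# ends the header list early so the remainder becomes the response body.
PAYLOAD = "en\nSet-Cookie: session=attacker\n\n<html>injected</html>"

if __name__ == "__main__":
    hdrs, body = response_as_seen_by_peer(PAYLOAD, lenient_check)
    print("lenient validator, as the peer sees it:", hdrs, repr(body))
    print("strict validator rejects payload:",
          rejects(strict_check, "Content-Language", PAYLOAD))
```

With the lenient check the peer sees three headers, one of them the injected Set-Cookie, and an attacker-chosen body; with the strict check the value never reaches the wire. The strict check also refuses a name with a leading or trailing control character rather than trimming it, which is the behaviour the first Netty entry asks for.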