Lucene search

271 matches found

OSV
added 2023/05/18 5:29 p.m. (42 views)

GHSA-MGC4-WQV7-4PXM SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Impact: Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other...

9.8 CVSS, 9.5 AI score
Exploits: 0, References: 8
GitLab Advisory Database
added 2023/05/18 12:0 a.m. (9 views)

SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other issues. Thi...

7 AI score
Exploits: 0, References: 9, Affected Software: 1
F5 Networks
added 2023/02/21 7:51 p.m. (22 views)

K18263026: The BIG-IP HTTP parser can incorrectly parse a tab character

Security Advisory Description: When scanning a URI, the HTTP parser on the BIG-IP system may periodically treat a tab character as white space, which causes incorrect URI parsing. For example, the BIG-IP system receives the following GET string in an HTTP request: GET \t/admin/ HTTP/1.0\r\n\r\n...

6.7 AI score
Exploits: 0
F5 Networks
added 2023/02/21 6:48 p.m. (41 views)

K27228191: Node.js vulnerability CVE-2018-7159

Security Advisory Description: The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the...

5.3 CVSS, 7.6 AI score, 0.00902 EPSS
Exploits: 0
F5 Networks
added 2023/02/21 6:32 p.m. (19 views)

K27551003: The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it

Security Advisory Description: This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. An iRule or LTM policy that uses HTTP header information is associated with the virtual server. The BIG-IP system receives a specially crafted HTTP...

6.5 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 6:21 a.m. (1 views)

SUSE CVE-2004-0386

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header...

10 CVSS, 8.3 AI score, 0.36771 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 4:54 a.m. (2 views)

SUSE CVE-2016-10190

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response...

9.8 CVSS, 8.4 AI score, 0.09983 EPSS
Exploits: 1, References: 4
SUSE CVE
added 2023/02/15 4:30 a.m. (2 views)

SUSE CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

5.3 CVSS, 8.4 AI score, 0.00902 EPSS
Exploits: 0, References: 6
OSV
added 2023/02/14 4:7 p.m. (8 views)

SUSE-SU-2023:0413-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). - CVE-2023-0056: Fixed denial of service via crash in http_wait_for_response (bsc#1207181)...

9.1 CVSS, 7.6 AI score, 0.17535 EPSS
Exploits: 0, References: 5
OSV
added 2023/02/14 4:7 p.m. (8 views)

SUSE-SU-2023:0412-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). - CVE-2023-0056: Fixed denial of service via crash in http_wait_for_response (bsc#1207181)...

9.1 CVSS, 7.6 AI score, 0.17535 EPSS
Exploits: 0, References: 5
OpenVAS
added 2022/12/06 12:0 a.m. (23 views)

Debian: Security Advisory (DLA-3224-1)

The remote host is missing an update for the Debian...

6.5 CVSS, 7.5 AI score, 0.11865 EPSS
Exploits: 2, References: 4
Debian
added 2022/12/05 1:3 p.m. (34 views)

[SECURITY] [DLA 3224-1] http-parser security update

Debian LTS Advisory DLA-3224-1 (https://www.debian.org/lts/security/), Utkarsh Gupta, December 05, 2022 (https://wiki.debian.org/LTS)...

6.5 CVSS, 7.6 AI score, 0.11865 EPSS
Exploits: 2
OSV
added 2022/12/05 12:0 a.m. (34 views)

DLA-3224-1 http-parser - security update

Bulletin has no description...

6.5 CVSS, 7.4 AI score, 0.11865 EPSS
Exploits: 2
Mageia
added 2022/10/28 6:54 a.m. (45 views)

Updated http-parser packages fix security vulnerability

http-parser could be made to expose sensitive data if it received a specially crafted request. CVE-2020-8287...

6.5 CVSS, 7.4 AI score, 0.11865 EPSS
Exploits: 2, References: 2
OSV
added 2022/10/28 6:54 a.m. (8 views)

MGASA-2022-0393 Updated http-parser packages fix security vulnerability

http-parser could be made to expose sensitive data if it received a specially crafted request. CVE-2020-8287...

6.5 CVSS, 7 AI score, 0.11865 EPSS
Exploits: 2, References: 3
OpenVAS
added 2022/10/28 12:0 a.m. (15 views)

Mageia: Security Advisory (MGASA-2022-0393)

The remote host is missing an update for the...

6.5 CVSS, 7.5 AI score, 0.11865 EPSS
Exploits: 2, References: 4
OpenVAS
added 2022/08/26 12:0 a.m. (16 views)

Ubuntu: Security Advisory (USN-5563-1)

The remote host is missing an update for the...

6.5 CVSS, 7.5 AI score, 0.11865 EPSS
Exploits: 2, References: 2
Ubuntu
added 2022/08/10 4:32 p.m. (90 views)

USN-5563-1: http-parser vulnerability

It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data...

6.5 CVSS, 7.5 AI score, 0.11865 EPSS
Exploits: 2
OSV
added 2022/08/10 4:32 p.m. (2 views)

USN-5563-1 http-parser vulnerability

It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data...

6.5 CVSS, 6.9 AI score, 0.11865 EPSS
Exploits: 2, References: 2
Tenable Nessus
added 2022/08/10 12:0 a.m. (40 views)

Ubuntu 18.04 LTS : http-parser vulnerability (USN-5563-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5563-1 advisory. It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorize...

6.5 CVSS, 7.7 AI score, 0.11865 EPSS
Exploits: 2, References: 2