Lucene search
K

85 matches found

RedHat Linux
RedHat Linux
added 2021/08/10 7:52 a.m.2 views

golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...

5.9CVSS7.1AI score0.03692EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/07/13 4:56 p.m.3 views

golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...

5.9CVSS7.1AI score0.03692EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2021/06/09 7:0 a.m.7 views

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server Transport and Client can each be affected in some configurations.

...

5.9CVSS6.4AI score0.03692EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/06/06 7:0 a.m.5 views

Node.js: All versions prior to Node.js 6.15.0 8.14.0 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection) and carefully timed completion of the headers it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.

...

7.5CVSS9.3AI score0.10207EPSS
Exploits0
OSV
OSV
added 2021/05/27 1:15 p.m.4 views

DEBIAN-CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

5.9CVSS6.7AI score0.03692EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.3 views

Google Golang 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A security vulnerability exists in Go versions prior to 1.15.12 and 1.16.x prior to 1.16.4, which can be exploited by remote attackers to cause a denial of service by sending a...

5.9CVSS7.4AI score0.03692EPSS
Exploits0References49
Tenable Nessus
Tenable Nessus
added 2021/05/07 12:0 a.m.39 views

FreeBSD : go -- net/http: ReadRequest can stack overflow due to recursion with very large headers (7f242313-aea5-11eb-8151-67f74cf7c704)

The Go project reports : http.ReadRequest can stack overflow due to recursion when given a request with a very large header 8-10MB depending on the architecture. A http.Server which overrides the default max header of 1MB by setting Server.MaxHeaderBytes to a much larger value could also be...

5.9CVSS7.4AI score0.03692EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2021/04/22 12:0 a.m.35 views

go -- net/http: ReadRequest can stack overflow due to recursion with very large headers

The Go project reports: http.ReadRequest can stack overflow due to recursion when given a request with a very large header 8-10MB depending on the architecture. A http.Server which overrides the default max header of 1MB by setting Server.MaxHeaderBytes to a much larger value could also be...

5.9CVSS3AI score0.03692EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/10/22 10:49 a.m.7 views

jetty: double release of resource can lead to information disclosure

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...

9.4CVSS7.4AI score0.11138EPSS
Exploits0References6
OSV
OSV
added 2020/07/09 6:15 p.m.2 views

DEBIAN-CVE-2019-17638

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...

9.4CVSS8.6AI score0.11138EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/11/05 9:34 p.m.5 views

nodejs: Denial of Service with large HTTP headers

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

7.5CVSS6.7AI score0.10207EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/01 10:3 a.m.3 views

nodejs: Denial of Service with large HTTP headers

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

7.5CVSS6.7AI score0.10207EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/07/22 1:39 p.m.2 views

nodejs: Denial of Service with large HTTP headers

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

7.5CVSS6.7AI score0.10207EPSS
Exploits0References4
OSV
OSV
added 2018/11/28 5:29 p.m.5 views

UBUNTU-CVE-2018-12121

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

7.5CVSS7.2AI score0.10207EPSS
Exploits0References4
OSV
OSV
added 2018/11/28 5:29 p.m.5 views

ALPINE-CVE-2018-12121

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

7.5CVSS8.9AI score0.10207EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2018/11/28 5:0 p.m.45 views

CVE-2018-12121

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

7.5CVSS7.7AI score0.10207EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/11/27 12:0 a.m.6 views

PT-2018-11028 · Node.Js +4 · Node.Js +4

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 6.15.0 Node.js versions prior to 8.14.0 Node.js versions prior to 10.14.0 Node.js versions prior to 11.3.0 Description: The issue allows for a Denial of Service with large HTTP headers. By using a combination of many...

9.8CVSS6.7AI score0.95707EPSS
Exploits54References567
RedHat Linux
RedHat Linux
added 2016/07/27 3:28 p.m.5 views

OOME from EAP 6 http management console

It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service...

5CVSS7.4AI score0.02978EPSS
Exploits0References4
OSV
OSV
added 2016/01/12 7:59 p.m.3 views

DEBIAN-CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

8.6CVSS7.6AI score0.07393EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/10/15 3:58 p.m.3 views

OOME from EAP 6 http management console

It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service...

5CVSS7.4AI score0.02978EPSS
Exploits0References4
Rows per page
Query Builder