4 matches found
dovecot: denial of service via specially crafted NOOP command
A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
The vulnerability of the WSGI server for Python Waitress, related to HTTP request processing flaws, allows attackers to compromise data integrity.
The vulnerability of the WSGI server for Python Waitress is related to the uncertainty in recognizing a single LF character as a line feed. Exploiting this vulnerability allows an attacker to compromise data integrity...