1115 matches found
CVE-2015-5741
CVE-2015-5741 : The Go net/http implementation (net/http/transfer.go) before 1.4.3 fails to correctly parse HTTP headers, enabling remote attackers to perform HTTP request smuggling via requests containing both Content-Length and Transfer-Encoding. This is documented across multiple sources in th...
Amazon Linux 2 : golang, --advisory ALAS2-2020-1383 (ALAS-2020-1383)
The version of golang installed on the remote host is prior to 1.13.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1383 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C...
Amazon Linux AMI : golang (ALAS-2020-1336)
The version of golang installed on the remote host is prior to 1.13.4-1.57. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1336 advisory. It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header...
Low: golang
Issue Overview: No CVE associated with this advisory Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update golang or yum update...
Medium: golang
Issue Overview: It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server...
WordPress Arforms 3.7.1 Directory Traversal
Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal Date: 2019-09-27 Exploit Author: Ahmad Almorabea Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link: https://www.arformsplugin.com/documentation/changelog/ Version: 3.7.1 CVE ID...
CVE-2019-9741
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...
go -- invalid headers are normalized, allowing request smuggling
The Go project reports: net/http through net/textproto used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind a reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse pro...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerabilities (CVE-2019-9512, CVE-2019-9514)
Summary IBM Cloud Kubernetes Service is affected by security vulnerabilities in the net/http library of the Go language that affects all Kubernetes components. These vulnerabilities can result in a denial-of-service attack against a process with an HTTP or HTTPS listener CVE-2019-9512 and...
Node.js: Http response is not ended although underlying socket is already destroyed
Summary: When node server receives http request and hooks to end, finish and error events are attached on response object to handle cases when response is closed/ended but underlying socket is abruptly terminated then none of those events is fired. This leads to state when response seems to be...
golang: CRLF injection in net/http
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CRLF injection
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...
AZL-38599 CVE-2019-9741 affecting package python-tensorboard for versions less than 2.16.2-1
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...
UBUNTU-CVE-2019-9741
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...
CVE-2019-9741
Removed by vendor...
CVE-2019-9741
CVE-2019-9741 affects Go’s net/http in Go 1.11.5, enabling CRLF injection when an attacker controls a URL parameter. The issue arises from constructing an HTTP request with http.NewRequest where a CRLF sequence can precede a header or Redis command, allowing potential header injection and related...