
9 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. · 2 views

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.19-1.el7, rh-nodejs14-nodejs-14.20.0-2.el7 (AXSA:2022-3813:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3813:02 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212); nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

CVSS 8.1 · AI score 7.4 · EPSS 0.86472
Exploits: 3 · References: 6
Snyk
added 2026/01/15 7:24 p.m. · 1 views

HTTP Request Smuggling

Overview: org.webjars.npm:h3 is a minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper parsing of the Transfer-Encoding header in the readRawBody function. An attacker can bypass security controls...

CVSS 9.8 · AI score 6.8 · EPSS 0.00043
Exploits: 1 · References: 2
RedhatCVE
added 2026/01/09 9:59 a.m. · 4 views

CVE-2020-7658

meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...

CVSS 6.1 · AI score 6.8 · EPSS 0.00238
Exploits: 0 · References: 1
SUSE CVE
added 2023/02/15 4:7 a.m. · 1 views

SUSE CVE-2019-16786

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value; if that value was not chunked, it would fall through and use the Content-Length header instead. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with t...

CVSS 7.5 · AI score 6.8 · EPSS 0.00795
Exploits: 0 · References: 16
OSV
added 2022/09/13 12:0 a.m. · 31 views

ALSA-2022:6448 Moderate: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212); nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodi...

CVSS 8.1 · AI score 7.4 · EPSS 0.86472
Exploits: 3 · References: 12
Snyk
added 2020/06/03 10:32 a.m. · 1 views

HTTP Request Smuggling

Overview: agoo is a fast HTTP server supporting rack. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct...

CVSS 7.5 · AI score 7 · EPSS 0.00289
Exploits: 0 · References: 2
CNVD
added 2020/05/25 12:0 a.m. · 1 views

meinheld environment error vulnerability

meinheld is a WSGI (Web Server Gateway Interface) asynchronous Web server from the Japanese software developer Yutaka Matsubara. An environment error vulnerability exists in meinheld because the program does not properly parse the Content-Length and Transfer Encoding headers. An attacker could...

CVSS 6.1 · AI score 6.8 · EPSS 0.00238
Exploits: 0 · References: 1
Snyk
added 2020/05/19 11:56 a.m. · 1 views

HTTP Request Smuggling

Overview: netius is a Python network library that can be used for the rapid creation of asynchronous non-blocking servers and clients. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect...

CVSS 8.2 · AI score 6.2 · EPSS 0.00238
Exploits: 0 · References: 2
Positive Technologies
added 2019/12/20 12:0 a.m. · 6 views

PT-2019-6225 · Waitress +3

Name of the Vulnerable Software and Affected Versions: Waitress versions prior to 1.4.0. Description: The issue is related to the incorrect parsing of the Transfer-Encoding header in Waitress. According to the HTTP standard, Transfer-Encoding should be a comma-separated list with the inner-most...

CVSS 9.8 · AI score 7.3 · EPSS 0.93094
Exploits: 28 · References: 173