1141 matches found
HTTP Request Smuggling
Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling when httprequest.rb processes a request with both Content-Length and Transfer-Encoding headers...
CVE-2024-47220
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...
HTTP Request Smuggling in ruby webrick
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier''s position is "Webri...
CVE-2024-47220
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...
Webrick 安全漏洞
Webrick is an HTTP server toolkit open-sourced by The Ruby Programming Language. A security vulnerability exists in Webrick version 1.8.1 that originates from allowing HTTP requests to be smuggled by providing the Content-Length header and the Transfer-Encoding header...
PT-2024-32484 · Ruby +4 · Webrick +4
Name of the Vulnerable Software and Affected Versions: WEBrick toolkit versions through 1.8.1 Description: An issue was discovered in the WEBrick toolkit for Ruby, allowing HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header. This can be achieved, for...
Integer Overflow in Chunked Transfer-Encoding
...
OESA-2024-2103 netty3 security update
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...
Apache Tomcat Transfer-Encoding Information Disclosure and Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tomcat Transfer-Encoding Information Disclosure and DoS', 'Description' = %q Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and...
OESA-2024-2068 netty3 security update
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...
OESA-2024-2069 netty3 security update
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...
OESA-2024-2066 netty3 security update
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...
OESA-2024-2067 netty3 security update
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
K000140787: Gunicorn vulnerability CVE-2024-1135
Security Advisory Description Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This iss...
SUSE SLES15 / openSUSE 15 Security Update : python-gunicorn (SUSE-SU-2024:2881-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2881-1 advisory. - CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validate Transfer-Encoding headers bsc1222950 Tenable has...
MGASA-2024-0236 Updated python-gunicorn packages fix security vulnerability
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
Updated python-gunicorn packages fix security vulnerability
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers
An HTTP Request Smuggling vulnerability was found in Gunicorn. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-gunicorn) (RHSA-2024:4054)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4054 advisory. Gunicorn Green Unicorn is a Python WSGI HTTP server for UNIX. Security Fixes: HTTP Request Smuggling due to improper validation of Transfer-Encoding...