CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1141 matches found

UbuntuCve•added 2024/01/08 2:15 p.m.•35 views

CVE-2024-21647

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an...

7.5CVSS6.6AI score0.0246EPSS

Exploits0References4

OSV•added 2024/01/08 1:45 p.m.•30 views

CVE-2024-21647 HTTP Request/Response Smuggling in puma

5.9CVSS6AI score0.0246EPSS

Exploits0References5

Debian CVE•added 2024/01/08 1:45 p.m.•33 views

CVE-2024-21647

7.5CVSS6.4AI score0.0246EPSS

Exploits0

Vulnrichment•added 2024/01/08 1:45 p.m.•9 views

CVE-2024-21647 HTTP Request/Response Smuggling in puma

5.9CVSS7.5AI score0.0246EPSS

Exploits0References2

The Hacker News•added 2024/01/03 10:42 a.m.•58 views

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

A new exploitation technique called Simple Mail Transfer Protocol SMTP smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from...

7.2AI score

Exploits0

Positive Technologies•added 2023/12/19 12:0 a.m.•3 views

PT-2023-9088 · Gunicorn +3 · Unicorn +3

Name of the Vulnerable Software and Affected Versions: Gunicorn versions prior to 22.0.0 Description: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers ca...

8.2CVSS7.7AI score0.00085EPSS

Exploits0References54

OSV•added 2023/11/24 11:6 a.m.•2 views

OESA-2023-1854 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol,...

6.5CVSS6.8AI score0.00358EPSS

Exploits1References2

RedhatCVE•added 2023/11/16 10:46 p.m.•44 views

CVE-2023-47641

Aiohttp is susceptible to an HTTP request smuggling vulnerability due to inadequate parsing of the HTTP Content-Length CL and Transfer-Encoding TE headers. This flaw allows an attacker to bypass proxy rules, poisoning sockets to other users, such as passing Authentication Headers. Additionally, i...

3.4CVSS6.3AI score0.00358EPSS

Exploits1References5

Veracode•added 2023/11/16 6:17 a.m.•32 views

HTTP Request Smuggling

aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability exists due to an inconsistent interpretation of the Content-Length CL and Transfer-Encoding TE headers in httpparser.py, which can be exploited to bypass proxy rules, poison sockets, and potentially redirect users to malicious...

6.5CVSS7AI score0.00358EPSS

Exploits1References2Affected Software1

SUSE CVE•added 2023/11/16 1:54 a.m.•1 views

SUSE CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

5.4CVSS6.8AI score0.00358EPSS

Exploits1References5

OSV•added 2023/11/14 9:15 p.m.•1 views

DEBIAN-CVE-2023-47641

6.5CVSS5.8AI score0.00358EPSS

Exploits1References1

OSV•added 2023/11/14 9:15 p.m.•1 views

AZL-43519 CVE-2023-47641 affecting package python-aiohttp 3.6.2-3

6.5CVSS6.2AI score0.00358EPSS

Exploits1References1

OSV•added 2023/11/14 9:15 p.m.•0 views

AZL-44538 CVE-2023-47641 affecting package python-aiohttp 3.6.2-3

6.5CVSS6.2AI score0.00358EPSS

Exploits1References1

OSV•added 2023/11/14 9:15 p.m.•0 views

UBUNTU-CVE-2023-47641

6.5CVSS5.8AI score0.00358EPSS

Exploits1References5

UbuntuCve•added 2023/11/14 9:15 p.m.•23 views

CVE-2023-47641

6.5CVSS6.4AI score0.00358EPSS

Exploits1References4

Prion•added 2023/11/14 9:15 p.m.•43 views

Open redirect

6.4CVSS7AI score0.00358EPSS

Exploits1References2Affected Software1

OSV•added 2023/11/14 8:44 p.m.•31 views

CVE-2023-47641 Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp

3.4CVSS5.6AI score0.00358EPSS

Exploits1References5

Debian CVE•added 2023/11/14 8:44 p.m.•39 views

CVE-2023-47641

6.5CVSS5.1AI score0.00358EPSS

Exploits1

Vulnrichment•added 2023/11/14 8:44 p.m.•17 views

CVE-2023-47641 Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp

3.4CVSS6.7AI score0.00358EPSS

Exploits1References2

Github Security Blog•added 2023/11/14 8:36 p.m.•97 views

Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks

Impact Aiohttp has a security vulnerability regarding the inconsistent interpretation of the http protocol. As we know that HTTP/1.1 is persistent, if we have both Content-LengthCL and Transfer-EncodingTE it can lead to incorrect interpretation of two entities that parse the HTTP and we can poiso...

6.5CVSS6.4AI score0.00358EPSS

Exploits1References7Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by