Puma vulnerable to HTTP Request Smuggling

When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The following...

PT-2022-7650 · Puma +11 · Puma +11

Name of the Vulnerable Software and Affected Versions: Puma versions prior to 4.3.12 Puma versions prior to 5.6.4 Description: The issue is related to the handling of HTTP requests in Puma, a server for Ruby/Rack applications. When Puma is used behind a proxy that does not properly validate...

Node.js: HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding

Summary: The llhttp parser in the http module in Node v17.8.0 does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. Description: After 1501679, I did a bit more digging into the issue, and found that there were more flaws in the parsing of...

Node.js: HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

Summary: The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. Description: When Node receives the following request: http GET / HTTP/1.1 Transfer-Encoding: chunked , identity 1 a 0 it...

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability...

GO-2021-0159 Request smuggling due to improper header parsing in net/http

HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

HTTP Request Smuggling

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request tha...

FreeBSD : routinator -- multiple vulnerabilities (9c990e67-6e30-11ec-82db-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c990e67-6e30-11ec-82db-b42e991fc52e advisory. - NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of...

tomcat: HTTP request smuggling when used with a reverse proxy

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

tomcat: HTTP request smuggling when used with a reverse proxy

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:1490-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1490-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to...

openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:3672-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3672-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to...

SUSE SLES15 Security Update : tomcat (SUSE-SU-2021:3670-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3670-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/o...

Input validation

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

CVE-2021-43174

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

CVE-2021-43174

CVE-2021-43174 affects NLnet Labs Routinator 0.9.0 up to and including 0.10.1. The issue arises when querying RRDP repositories that use gzip transfer encoding: RRDP’s XML data can include large amounts of whitespace, and gzip compression can massively shrink this whitespace, causing decompressed...

CVE-2021-43174 gzip transfer encoding caused out-of-memory crash

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2021:3602-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3602-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/o...