1141 matches found

CNNVD
added 2021/02/17 12:0 a.m. | 3 views

Lightbend Akka Akka-http Environment Issue Vulnerability

Lightbend Akka Akka-http is a toolkit from the Lightbend community in China. It provides a more generalized toolkit for providing and using HTTP-based services. An environment issue vulnerability exists in com.typesafe.akka:akka-http-core that allows multiple Transfer-Encoding headers...

CVSS 6.5 | AI score 6.6 | EPSS 0.00211
Exploits: 0 | References: 4

Snyk
added 2021/02/15 2:42 p.m. | 2 views

HTTP Request Smuggling

Overview: com.typesafe.akka:akka-http-core is a full server- and client-side HTTP stack on top of akka-actor and akka-stream. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation: Upgrade com.typesafe.akka:akka-http-co...

CVSS 6.5 | AI score 6.9 | EPSS 0.00211
Exploits: 0 | References: 2

Snyk
added 2021/02/15 2:42 p.m. | 1 view

HTTP Request Smuggling

Overview: com.typesafe.akka:akka-http-core_2.13 is a modern, fast, asynchronous, streaming-first HTTP server and client. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation: Upgrade com.typesafe.akka:akka-http-core_2.13...

CVSS 6.5 | AI score 6.9 | EPSS 0.00211
Exploits: 0 | References: 2

Snyk
added 2021/02/15 2:42 p.m. | 3 views

HTTP Request Smuggling

Overview: com.typesafe.akka:akka-http-core_2.12 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation...

CVSS 6.5 | AI score 6.9 | EPSS 0.00211
Exploits: 0 | References: 2

Snyk
added 2021/02/15 2:42 p.m. | 2 views

HTTP Request Smuggling

Overview: com.typesafe.akka:akka-http-core_2.11 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation...

CVSS 6.5 | AI score 6.9 | EPSS 0.00211
Exploits: 0 | References: 2

OSV
added 2021/02/11 6:15 p.m. | 1 view

DEBIAN-CVE-2021-21299

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

CVSS 8.1 | AI score 7.8 | EPSS 0.00577
Exploits: 0 | References: 1

NVD
added 2021/02/11 6:15 p.m. | 10 views

CVE-2021-21299

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

CVSS 8.1 | EPSS 0.00577
Exploits: 0 | References: 5

OSV
added 2021/02/11 6:15 p.m. | 0 views

UBUNTU-CVE-2021-21299

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

CVSS 8.1 | AI score 7.2 | EPSS 0.00577
Exploits: 0 | References: 7

Prion
added 2021/02/11 6:15 p.m. | 12 views

Design/Logic Flaw

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

CVSS 6.8 | AI score 7.9 | EPSS 0.00577
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2021/02/11 6:0 p.m. | 10 views

CVE-2021-21299 Multiple Transfer-Encoding headers misinterprets request payload

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

CVSS 4.8 | AI score 8.3 | EPSS 0.00577
Exploits: 0 | References: 5

RustSec
added 2021/02/05 12:0 p.m. | 14 views

Multiple Transfer-Encoding headers misinterprets request payload

hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can...

CVSS 8.1 | AI score 1.4 | EPSS 0.00577
Exploits: 0 | Affected Software: 1

OSV
added 2021/02/05 12:0 p.m. | 15 views

RUSTSEC-2021-0020 Multiple Transfer-Encoding headers misinterprets request payload

hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can...

CVSS 8.1 | AI score 8 | EPSS 0.00577
Exploits: 0 | References: 3

Tenable Nessus
added 2021/02/01 12:0 a.m. | 39 views

CentOS 8 : nodejs:12 (CESA-2020:0598)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0598 advisory.
- nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)
- nodejs: HTTP request smuggling using...

CVSS 9.8 | AI score 7.7 | EPSS 0.32252
Exploits: 2 | References: 4

Talos
added 2021/01/26 12:0 a.m. | 109 views

Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability

Summary: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Micrium uC-HTTP 3.01.00. Product URLs...

CVSS 8.6 | AI score 7.6 | EPSS 0.04904
Exploits: 1

Tenable Nessus
added 2021/01/20 12:0 a.m. | 29 views

EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1123)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack c...

CVSS 9.9 | AI score 6.7 | EPSS 0.15653
Exploits: 0 | References: 4

OSV
added 2021/01/06 9:15 p.m. | 0 views

UBUNTU-CVE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

CVSS 6.5 | AI score 6.9 | EPSS 0.11865
Exploits: 2 | References: 6

GithubExploit
added 2021/01/05 2:9 a.m. | 1031 views

Exploit for HTTP Request Smuggling in Nodejs Node.Js

nodejs-http-transfer-encoding-smuggling-poc PoC of HTTP Reque...

CVSS 6.5 | AI score 7.7 | EPSS 0.11865
Exploits: 2

NVD
added 2020/12/31 10:15 a.m. | 11 views

CVE-2020-35884

An issue was discovered in the tinyhttp crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...

CVSS 6.5 | AI score 6.4 | EPSS 0.00239
Exploits: 0 | References: 3

OSV
added 2020/12/31 10:15 a.m. | 18 views

CVE-2020-35884

An issue was discovered in the tinyhttp crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...

CVSS 6.5 | AI score 7.1
Exploits: 0 | References: 3

Cvelist
added 2020/12/31 8:25 a.m. | 11 views

CVE-2020-35884

An issue was discovered in the tinyhttp crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...

AI score 6.3 | EPSS 0.00239
Exploits: 0 | References: 3