Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1141 matches found

OSV
OSVadded 2020/09/22 4:15 p.m.0 views

USN-4532-1 netty-3.9 vulnerabilities

It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. CVE-2019-16869 It was discovered that Netty incorrectly handled certain...

9.1CVSS6.9AI score0.1832EPSS
Exploits3References4
OSV
OSVadded 2020/09/21 3:15 p.m.3 views

CVE-2020-4581

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441...

7.5CVSS5.8AI score
Exploits0References2
Cvelist
Cvelistadded 2020/09/21 2:55 p.m.17 views

CVE-2020-4581

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441...

7.5CVSS7.2AI score0.00729EPSS
Exploits0References2
OSV
OSVadded 2020/09/07 8:29 a.m.5 views

OPENSUSE-SU-2020:1369-1 Security update for squid

This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply bsc1175671. - CVE-2020-15811: Improve Transfer-Encoding handling bsc1175665. - CVE-2020-15810: Enforce token characters for field-name bsc1175664. This...

9.9CVSS8AI score0.15653EPSS
Exploits0References9
Tenable Nessus
Tenable Nessusadded 2020/09/04 12:0 a.m.29 views

SUSE SLES12 Security Update : squid (SUSE-SU-2020:2471-1)

This update for squid fixes the following issues : CVE-2020-24606: Fix livelocking in peerDigestHandleReply bsc1175671. CVE-2020-15811: Improve Transfer-Encoding handling bsc1175665. CVE-2020-15810: Enforce token characters for field-name bsc1175664. Note that Tenable Network Security has extract...

8.6CVSS6.7AI score0.06342EPSS
Exploits0References10
OSV
OSVadded 2020/09/03 7:3 a.m.4 views

SUSE-SU-2020:2471-1 Security update for squid

This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply bsc1175671. - CVE-2020-15811: Improve Transfer-Encoding handling bsc1175665. - CVE-2020-15810: Enforce token characters for field-name bsc1175664...

8.6CVSS7.5AI score0.06342EPSS
Exploits0References7
NVD
NVDadded 2020/09/02 5:15 p.m.18 views

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

6.5CVSS7.3AI score0.00185EPSS
Exploits0References13
OSV
OSVadded 2020/09/02 5:15 p.m.1 views

ALPINE-CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

6.5CVSS6.8AI score0.00185EPSS
Exploits0References1
OSV
OSVadded 2020/09/02 5:15 p.m.30 views

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

6.5CVSS6.7AI score
Exploits0References13
OSV
OSVadded 2020/09/02 5:15 p.m.1 views

DEBIAN-CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

6.5CVSS6.9AI score0.00185EPSS
Exploits0References1
Debian CVE
Debian CVEadded 2020/09/02 4:35 p.m.34 views

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

6.5CVSS6.8AI score0.00185EPSS
Exploits0
AlpineLinux
AlpineLinuxadded 2020/09/02 4:35 p.m.26 views

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

6.5CVSS7.2AI score0.00185EPSS
Exploits0
CVE
CVEadded 2020/09/02 4:35 p.m.284 views

CVE-2020-15811

CVE-2020-15811 affects Squid before 4.13 and 5.x before 5.0.4, allowing HTTP Request Splitting that can poison caches by mishandling Transfer-Encoding. The issue is confirmed in vendor advisories (ALAS2SQUID4-2023-006; ALAS-2020-1453; ALAS2-2020-1548) which recommend updating Squid to fixed build...

6.5CVSS6.8AI score0.00185EPSS
Exploits0References13Affected Software1
OSV
OSVadded 2020/09/02 7:32 a.m.8 views

SUSE-SU-2020:2442-1 Security update for squid

This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply bsc1175671. - CVE-2020-15811: Improve Transfer-Encoding handling bsc1175665. - CVE-2020-15810: Enforce token characters for field-name bsc1175664...

9.9CVSS7.8AI score0.15653EPSS
Exploits0References9
Tenable Nessus
Tenable Nessusadded 2020/08/28 12:0 a.m.35 views

EulerOS Virtualization for ARM 64 3.0.6.0 : haproxy (EulerOS-SA-2020-1904)

According to the versions of the haproxy package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0x...

9.8CVSS6.8AI score0.02818EPSS
Exploits1References3
UbuntuCve
UbuntuCveadded 2020/08/24 12:0 a.m.40 views

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

6.5CVSS6.7AI score0.00185EPSS
Exploits0References4
OSV
OSVadded 2020/08/24 12:0 a.m.0 views

UBUNTU-CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

6.5CVSS6.8AI score0.00185EPSS
Exploits0References5
Hacker One
Hacker Oneadded 2020/08/23 1:25 p.m.40 views

Ruby: Potential HTTP Request Smuggling in ruby webrick

function readbody in file /lib/webrick/httprequest.rb use expression /chunked/io to decide transfer-encoding whether or not. that is not rigorous. When using webrick as a http server, a attacker may use a Transfer-Encoding: AAAchunkedBBB header to fake a legal header. than can make a HTTP Request...

7.1AI score
Exploits0
RedHat Linux
RedHat Linuxadded 2020/08/04 11:18 a.m.3 views

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

5.8CVSS6.8AI score0.01382EPSS
Exploits0References7
RedHat Linux
RedHat Linuxadded 2020/08/04 11:17 a.m.3 views

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

5.8CVSS6.8AI score0.01382EPSS
Exploits0References7
Rows per page
Query Builder