1141 matches found
CVE-2020-7670
agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct...
CVE-2020-7671
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to b...
CVE-2020-7671
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to b...
Design/Logic Flaw
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to b...
CVE-2020-7671
CVE-2020-7671 affects the goliath framework up to version 1.0.6. The issue enables HTTP request smuggling when goliath is used as a backend and frontend proxy, via sending the Content-Length header twice and due to invalid Transfer-Encoding headers being parsed as valid (TE:CL smuggling). The con...
CVE-2020-7670
Agoo prior to 2.14.0 is affected. The issue arises from incorrect parsing of Content-Length and Transfer-Encoding headers, enabling HTTP request smuggling when Agoo is used as a backend and a frontend proxy in a chain of backends. Impact is described as possible request smuggling due to TE/CL han...
tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...
HTTP Request Smuggling
Overview agoo is a fast HTTP server supporting rack. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct...
HTTP Request Smuggling
Overview goliath is an Async framework for writing API servers. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible t...
HTTP Request Smuggling
reel is vulnerable to HTTP Request Smuggling. The vulnerability exists as it allows the Content-Length header to be sent twice, and also allowing invalid Transfer Encoding headers to be parsed as valid, causing extra content to be valid in the request...
CVE-2020-11076
A flaw was found in rubygem-puma. An attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...
CVE-2020-7659
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...
CVE-2020-7659
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...
UBUNTU-CVE-2020-7659
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...
Cross site request forgery (csrf)
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...
CVE-2020-7659
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...
CVE-2020-7659
Removed by vendor...
CVE-2020-7659
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...
HTTP Request Smuggling
Overview reel is a fast, non-blocking "evented" web server built on httpparser.rb, websocket-driver, Celluloid::IO, and nio4r. Note: This project is deprecated, and is not maintained anymore. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and...
netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...