
1141 matches found

RedHat Linux
added 2020/03/04 5:18 p.m. | 0 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS 9.8 | AI score 7.4 | EPSS 0.32252
Exploits: 0 | References: 5

RedHat Linux
added 2020/03/04 1:2 p.m. | 1 view

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS 9.8 | AI score 7.4 | EPSS 0.32252
Exploits: 0 | References: 5

RedHat Linux
added 2020/03/03 4:13 p.m. | 1 view

netty: HttpObjectDecoder.java allows Content-Length header to be accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

CVSS 9.1 | AI score 7.1 | EPSS 0.03657
Exploits: 1 | References: 4

RedHat Linux
added 2020/03/03 4:13 p.m. | 2 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

CVSS 7.5 | AI score 7.1 | EPSS 0.01498
Exploits: 1 | References: 5

IBM Security Bulletins
added 2020/02/28 4:3 p.m. | 40 views

Security Bulletin: Multiple vulnerabilities in netty affect IBM Operations Analytics Predictive Insights (CVE-2019-20445, CVE-2019-20444)

Summary Netty is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Netty within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that...

CVSS 9.1 | AI score 0.8 | EPSS 0.1832
Exploits: 2 | Affected Software: 1

Github Security Blog
added 2020/02/28 1:10 a.m. | 169 views

Potential HTTP request smuggling in Apache Tomcat

The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...

CVSS 5.8 | AI score 1.4 | EPSS 0.06163
Exploits: 0 | References: 13 | Affected Software: 2

OSV
added 2020/02/28 1:10 a.m. | 1 view

GHSA-767J-JFH2-JVRC Potential HTTP request smuggling in Apache Tomcat

The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...

CVSS 4.8 | AI score 7.2 | EPSS 0.06163
Exploits: 0 | References: 12

Tenable Nessus
added 2020/02/28 12:0 a.m. | 79 views

Apache Tomcat 7.0.x < 7.0.100 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 or 7.0.0 to 7.0.99. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability in AJP protocol due to an implementation defect which could also be leveraged to...

CVSS 9.8 | AI score 6.5 | EPSS 0.94469
Exploits: 44 | References: 4

Tenable Nessus
added 2020/02/26 12:0 a.m. | 45 views

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0454-1)

This update for nodejs8 fixes the following issues. Security issues fixed: CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc1163104). CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

CVSS 9.8 | AI score 7.3 | EPSS 0.32252
Exploits: 2 | References: 10

RedHat Linux
added 2020/02/25 5:35 p.m. | 3 views

netty: HttpObjectDecoder.java allows Content-Length header to be accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

CVSS 9.1 | AI score 7.1 | EPSS 0.03657
Exploits: 1 | References: 4

RedHat Linux
added 2020/02/25 5:35 p.m. | 2 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

CVSS 7.5 | AI score 7.1 | EPSS 0.01498
Exploits: 1 | References: 5

RedHat Linux
added 2020/02/25 5:27 p.m. | 2 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

CVSS 7.5 | AI score 7.1 | EPSS 0.01498
Exploits: 1 | References: 5

RedHat Linux
added 2020/02/25 5:27 p.m. | 1 view

netty: HttpObjectDecoder.java allows Content-Length header to be accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

CVSS 9.1 | AI score 7.1 | EPSS 0.03657
Exploits: 1 | References: 4

RedHat Linux
added 2020/02/25 3:56 p.m. | 4 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS 9.8 | AI score 7.2 | EPSS 0.32252
Exploits: 0 | References: 5

RedHat Linux
added 2020/02/25 3:32 p.m. | 1 view

netty: HttpObjectDecoder.java allows Content-Length header to be accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

CVSS 9.1 | AI score 7.1 | EPSS 0.03657
Exploits: 1 | References: 4

RedHat Linux
added 2020/02/25 3:32 p.m. | 1 view

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

CVSS 7.5 | AI score 7.1 | EPSS 0.01498
Exploits: 1 | References: 5

RedHat Linux
added 2020/02/25 1:42 p.m. | 2 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS 9.8 | AI score 7.2 | EPSS 0.32252
Exploits: 0 | References: 5

RedHat Linux
added 2020/02/25 1:7 p.m. | 2 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS 9.8 | AI score 7.2 | EPSS 0.32252
Exploits: 0 | References: 5

RedHat Linux
added 2020/02/25 8:39 a.m. | 1 view

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS 9.8 | AI score 7.2 | EPSS 0.32252
Exploits: 0 | References: 5

Veracode
added 2020/02/25 7:52 a.m. | 40 views

HTTP Request Smuggling

tomcat-coyote is vulnerable to HTTP request smuggling. The vulnerability exists due to mishandling of incorrect transfer encoding headers introduced by a regression if server is placed after a reverse proxy...

CVSS 4.8 | AI score 1.2 | EPSS 0.06163
Exploits: 0 | References: 14 | Affected Software: 2