CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1163 matches found

Veracode•added 2019/12/23 7:27 a.m.•58 views

HTTP Request Smuggling

waitress is vulnerable HTTP request smuggling. The vulnerability exists because the library mishandled HTTP request header by not correctly parsing the Transfer-Encoding header, causing the parser to use Content-Length header instead to determine the HTTP message body size, ignoring the requests...

7.5CVSS0.6AI score0.02545EPSS

Exploits0References10Affected Software3

Positive Technologies•added 2019/12/22 12:0 a.m.•5 views

PT-2019-5515 · Openwrt · Openwrt

Name of the Vulnerable Software and Affected Versions: OpenWrt versions 18.06.0 through 18.06.5 OpenWrt versions 19.0 through 19.07.0-rc2 Description: The issue is related to an integer signedness error in the uhttpd function of the OpenWrt embedded operating system, which can lead to out-of-boun...

7.8CVSS7.5AI score0.01551EPSS

Exploits0References6

OSV•added 2019/12/20 11:15 p.m.•2 views

DEBIAN-CVE-2019-16786

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with t...

7.5CVSS6.3AI score0.02545EPSS

Exploits0References1

NVD•added 2019/12/20 11:15 p.m.•17 views

CVE-2019-16786

7.5CVSS7.1AI score0.02545EPSS

Exploits0References8

OSV•added 2019/12/20 11:15 p.m.•3 views

UBUNTU-CVE-2019-16786

7.5CVSS6.7AI score0.02545EPSS

Exploits0References4

UbuntuCve•added 2019/12/20 11:15 p.m.•24 views

CVE-2019-16786

7.5CVSS6.7AI score0.02545EPSS

Exploits0References3

Prion•added 2019/12/20 11:15 p.m.•22 views

Design/Logic Flaw

5CVSS7.1AI score0.02545EPSS

Exploits0References8Affected Software5

PyPA•added 2019/12/20 11:15 p.m.•4 views

PYSEC-2019-137

7.5CVSS6.7AI score0.02545EPSS

Exploits0References6Affected Software1

OSV•added 2019/12/20 11:15 p.m.•1 views

PYSEC-2019-67

5.9AI score

Exploits0References6

OSV•added 2019/12/20 11:15 p.m.•3 views

PYSEC-2019-137

7.5CVSS6.8AI score0.02545EPSS

Exploits0References6

Github Security Blog•added 2019/12/20 11:4 p.m.•150 views

HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress

Impact Waitress would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most...

7.5CVSS0.02545EPSS

Exploits0References11Affected Software1

OSV•added 2019/12/20 11:4 p.m.•32 views

GHSA-G2XC-35JW-C63P HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress

7.1CVSS7.5AI score0.02545EPSS

Exploits0References11

AlpineLinux•added 2019/12/20 11:0 p.m.•36 views

CVE-2019-16786

7.5CVSS7.2AI score0.02545EPSS

Exploits0

Debian CVE•added 2019/12/20 11:0 p.m.•30 views

CVE-2019-16786

7.5CVSS6.5AI score0.02545EPSS

Exploits0

Positive Technologies•added 2019/12/20 12:0 a.m.•7 views

PT-2019-6225 · Waitress +3 · Waitress +3

Name of the Vulnerable Software and Affected Versions: Waitress versions prior to 1.4.0 Description: The issue is related to the incorrect parsing of the Transfer-Encoding header in Waitress. According to the HTTP standard, Transfer-Encoding should be a comma-separated list with the inner-most...

9.8CVSS7.3AI score0.99856EPSS

Exploits28References173

Tenable Nessus•added 2019/12/05 12:0 a.m.•35 views

openSUSE Security Update : haproxy (openSUSE-2019-2645)

This update for haproxy to version 2.0.10 fixes the following issues : HAProxy was updated to 2.0.10 Security issues fixed : - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' bsc1154980. - Fixed an improper handling of headers which...

7.5CVSS6.8AI score0.10024EPSS

Exploits1References6

OPENSUSE Linux•added 2019/12/05 12:0 a.m.•126 views

Security update for haproxy (important)

openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2019:2645-1 Rating: important References: 1082318 1154980 1157712 1157714 Cross-References: CVE-2019-18277 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has three fixes is now...

7.5CVSS6.8AI score0.10024EPSS

Exploits1References4

OSV•added 2019/12/03 2:49 p.m.•2 views

OPENSUSE-SU-2019:2626-1 Security update for haproxy

This update for haproxy to version 2.0.10 fixes the following issues: HAProxy was updated to 2.0.10 Security issues fixed: - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' bsc1154980. - Fixed an improper handling of headers which...

7.5CVSS7.6AI score0.10024EPSS

Exploits1References6

Hacker One•added 2019/11/12 1:11 a.m.•53 views

Node.js: HTTP request smuggling using malformed Transfer-Encoding header

Please see the attached PDF for a writeup of this vulnerability. Impact Please see the attached PDF for a writeup of this vulnerability...

7.5CVSS9.1AI score0.57132EPSS

Exploits0

Imperva Blog•added 2019/10/29 12:13 p.m.•25 views

HTTP Desync Attacks in the Wild and How to Defend Against Them

Inspired by an article by Watchfire from 2005, we recently explored an old attack technique named HTTP Request Smuggling and checked it against our WAF protection. By coincidence, it turned out someone else was also exploring this technique at the same time. Given the hype it received as a result...

6.7AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by