7 matches found
SUSE CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace...
ALPINE-CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace...
undertow: improper whitespace parsing leading to potential HTTP request smuggling
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...
undertow: improper whitespace parsing leading to potential HTTP request smuggling
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...
BSA-2017-286
Security Advisory ID : BSA-2017-286 Component : Apache Revision : 1.0: Interim Apache HTTP Server, prior to release 2.4.25, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTA...
CVE-2005-4144
Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as 1 newlines and 2 0xFF ASCII 255 characters, which are interpreted as whitespace...
CVE-2005-4144
Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as 1 newlines and 2 0xFF ASCII 255 characters, which are interpreted as whitespace...