Lucene search
K

71 matches found

RedhatCVE
RedhatCVE
added 2022/05/20 11:2 p.m.25 views

CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

6.5CVSS0.4AI score0.00886EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/10 3:29 a.m.36 views

HTTP Request Smuggling

Summary Due to several violations of the HTTP standard as defined in RFC7230, Waitress is vulnerable to HTTP request smuggling when used with an upstream proxy that exhibits nonstandard behaviour. Each issue is explained in the Occurrences section below...

5CVSS0.3AI score0.01738EPSS
Exploits0References2
NVD
NVD
added 2021/10/20 11:15 p.m.26 views

CVE-2021-41163

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribeurl values. This issue is patched in the latest stable, beta and tests-passed versions of...

10CVSS0.19812EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/10/20 11:15 p.m.4 views

CVE-2021-41163

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribeurl values. This issue is patched in the latest stable, beta and tests-passed versions of...

10CVSS7.5AI score0.19812EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/10/20 11:15 p.m.21 views

Remote code execution

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribeurl values. This issue is patched in the latest stable, beta and tests-passed versions of...

7.5CVSS9.4AI score0.19812EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/10/20 10:30 p.m.29 views

CVE-2021-41163 RCE via malicious SNS subscription payload

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribeurl values. This issue is patched in the latest stable, beta and tests-passed versions of...

10CVSS9.8AI score0.19812EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/10/20 12:0 a.m.4 views

PT-2021-23140 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.7.8 and earlier Description: Discourse is an open source platform for community discussion. In affected versions, maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation i...

10CVSS9.6AI score0.19812EPSS
Exploits0References11
OSV
OSV
added 2021/07/12 4:55 p.m.17 views

GHSA-5H46-H7HH-C6X9 Integer Overflow in Chunked Transfer-Encoding

Summary hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in "request smuggling" or...

5.9CVSS9.2AI score0.01133EPSS
Exploits1References4
NVD
NVD
added 2021/07/07 8:15 p.m.17 views

CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

5.3CVSS0.00886EPSS
Exploits1References2
OSV
OSV
added 2021/07/07 8:15 p.m.3 views

DEBIAN-CVE-2021-32714

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...

9.1CVSS7.3AI score0.01133EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/07/07 8:15 p.m.25 views

CVE-2021-32714

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...

9.1CVSS6.5AI score0.01133EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2021/07/07 8:15 p.m.17 views

CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

5.3CVSS6.1AI score0.00886EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/07/07 8:5 p.m.66 views

CVE-2021-32715 Lenient Parsing of Content-Length Header When Prefixed with Plus Sign

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

3.1CVSS5.6AI score0.00886EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/07/07 8:5 p.m.29 views

CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

5.3CVSS5.3AI score0.00886EPSS
Exploits1
Debian CVE
Debian CVE
added 2021/07/07 7:35 p.m.43 views

CVE-2021-32714

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...

9.1CVSS9.3AI score0.01133EPSS
Exploits1
OSV
OSV
added 2021/03/29 6:15 p.m.3 views

CVE-2021-29416

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB...

6.5CVSS6.6AI score0.01149EPSS
Exploits1References2
OSV
OSV
added 2021/02/11 6:15 p.m.2 views

DEBIAN-CVE-2021-21299

hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

8.1CVSS7.8AI score0.04771EPSS
Exploits0References1
OSV
OSV
added 2021/02/11 6:15 p.m.3 views

UBUNTU-CVE-2021-21299

hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

8.1CVSS7.2AI score0.04771EPSS
Exploits0References7
Kitploit
Kitploit
added 2020/12/27 11:30 a.m.134 views

Proxify - Swiss Army Knife Proxy Tool For HTTP/HTTPS Traffic Capture, Manipulation, And Replay On The Go

Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally a replay utility allows to import the dumped traffic request/responses with correct domain name into burp...

7.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/02/25 3:56 p.m.4 views

nodejs: HTTP header values do not have trailing optional whitespace trimmed

A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...

9.8CVSS7.1AI score0.20041EPSS
Exploits1References5
Rows per page
Query Builder