Lucene search
K

8 matches found

NVD
NVD
added 2026/06/29 8:17 p.m.10 views

CVE-2026-13762

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was...

9.8CVSS0.00438EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 8:3 p.m.18 views

CVE-2026-13763

This CVE affects AWS Application Load Balancer (ALB) with AWS WAF enabled, where inconsistent interpretation of HTTP/2 requests can allow bypass of WAF body inspection when the request body is fragmented across frames, leading to partial inspection. Affected component: HTTP/2 ALB target groups; r...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/29 8:3 p.m.45 views

CVE-2026-13762

CVE-2026-13762 involves an vulnerability in Amazon CloudFront when AWS WAF is enabled. The issue arises from an inconsistent interpretation of HTTP/2 requests, which can allow remote actors to bypass AWS WAF managed body‑inspection by fragmenting the request body across frames so that only a part...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.5 views

PT-2026-53691

Name of the Vulnerable Software and Affected Versions Amazon CloudFront affected versions not specified Description An inconsistent interpretation of HTTP/2 requests in Amazon CloudFront when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. This occurs through...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/05/27 7:58 p.m.14 views

CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests

Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...

5.9AI score0.00038EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-44131

Name of the Vulnerable Software and Affected Versions crowdsec versions prior to 1.7.8 Description The AppSec component fails to read the HTTP request body when the Content-Length is not positive. This occurs specifically with HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests...

7.2CVSS5.9AI score0.00038EPSS
Exploits0References4
OSV
OSV
added 2026/03/27 5:43 p.m.4 views

GHSA-X744-4WPC-V9H2 Moby has AuthZ plugin bypass when provided oversized request bodies

Summary A security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This is an incomplete fix for CVE-2024-41110. Impact If you don't use AuthZ plugins, you are not affecte...

8.8CVSS5.8AI score0.08123EPSS
Exploits1References7
Rows per page
Query Builder