3 matches found
CVE-2025-12642
Lighttpd 1.4.80 is affected by an HTTP header smuggling vulnerability caused by incorrectly merging trailer fields into headers during request parsing. This can enable bypassing access controls and injecting unsafe input into backend logic that relies on headers, with potential for HTTP Request S...
EUVD-2020-24849
Malware in sbrugna...
haproxy: request smuggling attack or response splitting via duplicate content-length header
Proxy server haproxy has a flaw that can could allow an HTTP request smuggling attack with the goal of bypassing access-control list rules defined by haproxy. The attack was made possible by utilizing an integer overflow vulnerability that allowed reaching an unexpected state in haproxy while...