5 matches found
CVE-2025-43859 h11 accepts some malformed Chunked-Encoding bodies
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...
tomcat: multiple content-length header poisoning flaws
It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. A remote...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)
Icedtea included in java-160-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)
Icedtea included in java-160-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...
Apache Httpd < 2.0.37 : Apache Chunked encoding vulnerability
Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code...