Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.26 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.7AI score0.0064EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/04/14 5:18 p.m.2 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References8
OSV
OSV
added 2026/04/14 10:59 a.m.3 views

CVE-2026-2332 HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

7.4CVSS6AI score0.01127EPSS
Exploits1References16
Vulnrichment
Vulnrichment
added 2026/03/27 7:54 p.m.3 views

CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References4
Imperva Blog
Imperva Blog
added 2025/08/21 3:35 p.m.19 views

Smuggling Requests with Chunked Extensions: A New HTTP Desync Trick

A new HTTP request smuggling technique was recently discovered, where attackers take advantage of inconsistent parsing behaviors between front-end proxy servers and back-end application servers. This attack technique leverages ambiguous request formatting to inject malicious secondary requests th...

7AI score
Exploits0
Rows per page
Query Builder