17 matches found

EUVD
added 2026/05/19 7:23 p.m., 9 views

EUVD-2026-29950

Bandit: Unauthenticated one-shot DoS via Transfer-Encoding: chunked...

CVSS: 8.7, AI score: 5.8, EPSS: 0.01396
Exploits: 1, References: 5

ATTACKERKB
added 2026/05/13 1:36 p.m., 4 views

CVE-2026-39803

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':read_data/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...

CVSS: 8.7, AI score: 5.8, EPSS: 0.01396
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2026/03/18 1:16 a.m., 2 views

CVE-2026-29057

Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...

CVSS: 6.5, EPSS: 0.00031
Exploits: 0, References: 4

RedhatCVE
added 2025/12/05 12:9 a.m., 5 views

CVE-2025-66373

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain...

CVSS: 4.8, AI score: 6.8, EPSS: 0.00034
Exploits: 0, References: 1

NVD
added 2025/12/04 5:15 p.m., 2 views

CVE-2025-66373

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain...

CVSS: 4.8, EPSS: 0.00034
Exploits: 0, References: 2

CNNVD
added 2025/12/04 12:0 a.m., 1 views

Akamai Ghost security vulnerability

Akamai Ghost is an HTTP service program from Akamai Corporation, USA. A security vulnerability exists in versions of Akamai Ghost prior to 2025-11-17, which stems from an error in the handling of chunked request bodies that could lead to HTTP request entrapment...

CVSS: 4.8, AI score: 7.8, EPSS: 0.00034
Exploits: 0, References: 3

OSV
added 2025/06/06 2:4 p.m., 1 views

OESA-2025-1610 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to set up. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01011
Exploits: 1, References: 2

OSV
added 2021/11/03 8:15 p.m., 1 views

DEBIAN-CVE-2021-22960

The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00229
Exploits: 1, References: 1

RedHat Linux
added 2020/08/31 3:40 p.m., 1 views

undertow: invalid HTTP request with large chunk size

A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00167
Exploits: 0, References: 4

Debian CVE
added 2019/12/26 4:40 p.m., 26 views

CVE-2019-16789

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...

CVSS: 8.2, AI score: 6.3, EPSS: 0.01002
Exploits: 0

Veracode
added 2019/08/20 12:10 a.m., 25 views

Cross-site Scripting (XSS)

PHP is vulnerable to Cross-site scripting (XSS). It is due to a flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request...

CVSS: 6.1, AI score: 2, EPSS: 0.04436
Exploits: 1, References: 11, Affected Software: 1

Tenable Nessus
added 2019/01/02 12:0 a.m., 24 views

SUSE SLES12 Security Update : php7 (SUSE-SU-2018:2887-1)

This update for php7 fixes the following issues: CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753). Note that Tenable Network Security has extracted the...

CVSS: 6.1, AI score: 6.6, EPSS: 0.04436
Exploits: 1, References: 4

RedHat Linux
added 2016/10/12 5:17 p.m., 2 views

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

CVSS: 5, AI score: 6.7, EPSS: 0.24118
Exploits: 0, References: 4

Apache Httpd
added 2015/04/04 12:0 a.m., 72 views

Apache Httpd < 2.4.16 : HTTP request smuggling attack against chunked request parser

An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...

CVSS: 5, AI score: 6.2, EPSS: 0.24118
Exploits: 0, Affected Software: 1

OSV
added 2015/02/19 4:37 p.m., 8 views

MGASA-2015-0081 Updated tomcat packages fix CVE-2014-0227

Updated tomcat packages fix security vulnerability: In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227)...

CVSS: 6.4, AI score: 8.5, EPSS: 0.69385
Exploits: 0, References: 3

Cloud Foundry
added 2015/02/09 12:0 a.m., 47 views

CVE-2014-0227 Apache Tomcat Request Smuggling | Cloud Foundry

CVE-2014-0227 Apache Tomcat Request Smuggling Important Vendor Apache Software Foundation Versions Affected Apache Tomcat 8.0.0-RC1 to 8.0.8 inclusive Apache Tomcat 7.0.0 to 7.0.54 inclusive Apache Tomcat 6.0.0 to 6.0.41 inclusive Description It was possible to craft a malformed chunk as part of ...

CVSS: 6.4, AI score: 6.3, EPSS: 0.69385
Exploits: 0

OSV
added 2014/04/17 8:26 p.m., 2 views

MGASA-2014-0180 Updated apache-mod_security packages fix security vulnerability

Updated apache-mod_security packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should...

CVSS: 5, AI score: 6.3, EPSS: 0.00842
Exploits: 2, References: 3