
25 matches found

SUSE CVE
added 2026/04/11 9:26 a.m. | 1 views

SUSE CVE-2026-2581

This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

CVSS 5.9 | AI score 7 | EPSS 0.0002
Exploits 0 | References 4
RedHat Linux
added 2026/04/09 8:27 p.m. | 3 views

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

CVSS 5.9 | AI score 7 | EPSS 0.0002
Exploits 0 | References 7
RedhatCVE
added 2026/03/12 10:12 p.m. | 2 views

CVE-2026-2581

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

CVSS 5.9 | AI score 5.7 | EPSS 0.0002
Exploits 0 | References 6
Positive Technologies
added 2026/03/12 12:0 a.m. | 1 views

PT-2026-25067

Impact: This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...

CVSS 5.9 | AI score 5.7 | EPSS 0.0002
Exploits 0 | References 8
Tenable Nessus
added 2026/01/19 12:0 a.m. | 2 views

MiracleLinux 7 : wget-1.14-15.el7.1 (AXSA:2017-2381:03)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-2381:03 advisory. Stack-based and heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting...

CVSS 9.3 | AI score 9.3 | EPSS 0.74049
Exploits 3 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-10153

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00862
Exploits 0 | References 2
RedhatCVE
added 2025/05/22 7:17 p.m. | 7 views

CVE-2021-23035

On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluat...

CVSS 7.5 | AI score 6.8 | EPSS 0.00862
Exploits 0 | References 1
RedHat Linux
added 2024/09/19 4:46 p.m. | 2 views

undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

CVSS 7.5 | AI score 5.7 | EPSS 0.03699
Exploits 0 | References 4
RedHat Linux
added 2024/08/08 5:22 p.m. | 3 views

undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

CVSS 7.5 | AI score 5.7 | EPSS 0.03699
Exploits 0 | References 4
RedHat Linux
added 2024/07/25 7:26 p.m. | 4 views

undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

CVSS 7.5 | AI score 5.7 | EPSS 0.03699
Exploits 0 | References 4
Veracode
added 2024/07/10 8:12 a.m. | 19 views

Denial Of Service (DoS)

Undertow is vulnerable to Denial Of Service (DoS). The vulnerability is due to Undertow's failure to send the expected termination sequence 0\r\n for chunked responses after flushing the response body. The vulnerability allows an attacker to exploit the incomplete handling of chunked responses in...

CVSS 7.5 | AI score 6.6 | EPSS 0.03699
Exploits 0 | References 12 | Affected Software 1
OSV
added 2024/07/08 9:15 p.m. | 1 views

DEBIAN-CVE-2024-5971

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

CVSS 7.5 | AI score 6.8 | EPSS 0.03699
Exploits 0 | References 1
CNNVD
added 2024/07/08 12:0 a.m. | 1 views

Red Hat Undertow Security Vulnerability

Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for Wildfly Java Application Server. A security vulnerability exists in Red Hat Undertow that stems from a chunked response that hangs after a body refresh, which can lead to uncontrolled resourc...

CVSS 7.5 | AI score 6.6 | EPSS 0.03699
Exploits 0 | References 6
Positive Technologies
added 2024/07/08 12:0 a.m. | 1 views

PT-2024-37282 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified). Description: A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent, but the client would continue waiting as Undert...

CVSS 8.7 | AI score 8 | EPSS 0.03699
Exploits 0 | References 29
Tenable Nessus
added 2023/11/02 12:0 a.m. | 19 views

F5 Networks BIG-IP : TMM vulnerability (K70415522)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.4. It is, therefore, affected by a vulnerability as referenced in the K70415522 advisory. - On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of...

CVSS 7.5 | AI score 7.8 | EPSS 0.00862
Exploits 0 | References 2
OSV
added 2021/09/14 6:15 p.m. | 1 views

CVE-2021-23035

On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluat...

CVSS 7.5 | AI score 7.3 | EPSS 0.00862
Exploits 0 | References 1
Prion
added 2021/09/14 6:15 p.m. | 12 views

Code injection

On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluat...

CVSS 7.1 | AI score 7.4 | EPSS 0.00862
Exploits 0 | References 1 | Affected Software 11
CNNVD
added 2021/08/24 12:0 a.m. | 4 views

F5 BIG-IP Input Validation Error Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 BIG-IP TMM, which stems from the fact that in the case of HTTP profiles...

CVSS 7.5 | AI score 5.8 | EPSS 0.00862
Exploits 0 | References 4
OSV
added 2020/10/21 7:15 p.m. | 0 views

UBUNTU-CVE-2020-3299

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker...

CVSS 5.8 | AI score 6.2 | EPSS 0.011
Exploits 0 | References 3
Vulnrichment
added 2020/10/21 6:25 p.m. | 13 views

CVE-2020-3299 Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker...

CVSS 5.8 | AI score 6.8 | EPSS 0.011
Exploits 0 | References 3