534 matches found
CVE-2024-31617
OpenLiteSpeed before 1.8.1 mishandles chunked encoding...
CVE-2024-31617
OpenLiteSpeed before 1.8.1 mishandles chunked encoding...
CVE-2024-31617
OpenLiteSpeed before 1.8.1 mishandles chunked encoding...
CVE-2024-31617
OpenLiteSpeed before 1.8.1 mishandles chunked encoding...
CVE-2024-31617
OpenLiteSpeed before 1.8.1 mishandles chunked encoding. Affected software: OpenLiteSpeed (web server). Root cause: mishandling of chunked encoding. Impact stated in sources is limited to the server misbehavior; no explicit exploitation details are provided in the documents. Mitigation: upgrade to...
Litespeed Technologie OpenLiteSpeed 安全漏洞
Litespeed Technologie OpenLiteSpeed is an open source web server from Litespeed Technologie. A security vulnerability exists in versions of OpenLiteSpeed prior to 1.8.1 that stems from an inability to properly handle chunked encoding...
PT-2024-24157 · Unknown · Openlitespeed
Name of the Vulnerable Software and Affected Versions: OpenLiteSpeed versions prior to 1.8.1 Description: The issue is related to the mishandling of chunked encoding. Recommendations: For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue...
squid: Denial of Service in HTTP Chunked Decoding
A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service...
Medium: cni-plugins
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Medium: ecs-init
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
SUSE: Security Advisory (SUSE-SU-2024:1114-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Rocky Linux 8 : nodejs:20 (RLSA-2024:1687)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1687 advisory. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For exampl...
nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...
nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...
nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...
nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...
openSUSE Security Advisory (SUSE-SU-2024:1113-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...
SUSE-SU-2024:1115-1 Security update for squid
This update for squid fixes the following issues: - CVE-2024-25617: Fixes denial of service in HTTP header parser bsc1219960 - CVE-2024-25111: Fixes Chunked Encoding Stack Overflow bsc1216715...
SUSE-SU-2024:1114-1 Security update for squid
This update for squid fixes the following issues: - CVE-2024-25617: Fixes denial of service in HTTP header parser bsc1219960 - CVE-2024-25111: Fixes Chunked Encoding Stack Overflow bsc1216715...