5 matches found
CVE-2015-5740
The CVE affects the Go net/http implementation (net/http/transfer.go) in versions before 1.4.3. The root cause is improper parsing of HTTP headers, which enables HTTP request smuggling via a request containing two Content-Length headers. The impact described across connected sources is remote, wi...
openSUSE Security Update : go (openSUSE-2016-907)
This update for go fixes the following issues: - CVE-2015-5739: 'Content Length' treated as valid header - CVE-2015-5740: Double content-length headers does not return 400 error - CVE-2015-5741: Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections Go was...
Golang 1.4.3 CVE Fixes | Cloud Foundry
Golang 1.4.3 CVE Fixes. Low. Vendor: Google. Versions Affected: Golang v1.4.2 and lower. Description: Several security issues were fixed in Go's net/http package. The CVE issue descriptions and fixes are linked below: CVE-2015-5739 – 'Content Length' treated as valid header:...
Medium: golang, docker
Issue Overview: As discussed upstream -- http://seclists.org/oss-sec/2015/q3/294 and http://seclists.org/oss-sec/2015/q3/237 -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers like "Content Length...
Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)
Security fixes for net/http smuggling. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. ...