Lucene search
K

86 matches found

CVE
CVE
added 2026/02/03 2:38 p.m.45 views

CVE-2025-14550

CVE-2025-14550 is a Django vulnerability affecting multiple supported branches where ASGIRequest can be abused by a crafted request with duplicate headers to trigger a denial-of-service. Affected versions include 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28; older series (e.g., 5.0....

7.5CVSS5.5AI score0.00993EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/02/03 2:38 p.m.7 views

CVE-2025-14550

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

7.5CVSS5.5AI score0.00993EPSS
Exploits0
OSV
OSV
added 2026/02/03 2:0 p.m.4 views

UBUNTU-CVE-2025-14550

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

7.5CVSS7.1AI score0.00993EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-5880

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.1 Django versions 5.2 through 5.2.10 Django versions 4.2 through 4.2.27 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description The ASGIRequest component...

7.5CVSS5.5AI score0.09436EPSS
Exploits2References28
RedHat Linux
RedHat Linux
added 2026/01/28 7:28 p.m.44 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
OSV
OSV
added 2026/01/28 11:11 a.m.9 views

CLSA-2026-1769598671 libsoup: Fix of CVE-2025-14523

CVE-2025-14523: reject duplicate Host headers to prevent request smuggling, cache poisoning, and host-based access control bypass attacks...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/21 5:40 a.m.8 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/21 5:40 a.m.13 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/12 2:53 a.m.5 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/12 2:24 a.m.7 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
OSV
OSV
added 2024/12/16 2:6 p.m.18 views

BIT-NODE-MIN-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

6.5CVSS7.2AI score0.16296EPSS
Exploits2References11
OSV
OSV
added 2024/09/24 1:16 p.m.2 views

USN-7031-1 puma vulnerability

It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters...

5.4CVSS7.2AI score0.00646EPSS
Exploits0References2
Citrix
Citrix
added 2023/08/16 12:0 a.m.12 views

How to delete duplicate HSTS header

Explain how to eliminate the duplicate HSTS header Duplicated header HSTS Why? it could come from a backend server, and also being applied from the ADC Vserver configuration, so we need to decide which header to keep. In this case, the client wants to delete the HSTS header coming from the server...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.4 views

SUSE CVE-2007-3947

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service daemon crash by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault...

5.8CVSS6.8AI score0.08072EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-4298

Memory leak in the httprequestparse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service memory consumption via a large number of requests with duplicate request headers...

5CVSS6.8AI score0.03526EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.4 views

SUSE CVE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

6.5CVSS7.5AI score0.16296EPSS
Exploits2References16
OSV
OSV
added 2021/04/07 11:2 a.m.7 views

OESA-2021-1117 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

7.5CVSS7.5AI score0.18114EPSS
Exploits15References3
OSV
OSV
added 2021/01/06 9:15 p.m.2 views

DEBIAN-CVE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

6.5CVSS7AI score0.16296EPSS
Exploits2References1
OSV
OSV
added 2021/01/06 9:15 p.m.3 views

UBUNTU-CVE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

6.5CVSS6.9AI score0.16296EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2020/01/24 12:0 a.m.11 views

PT-2021-2152 · Node.Js +9 · Node.Js +9

Name of the Vulnerable Software and Affected Versions: Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 Description: The issue is related to inconsistent interpretation of HTTP requests. This can lead to HTTP Request Smuggling when two copies of a header field are present in an HTTP...

9.8CVSS6.5AI score0.77766EPSS
Exploits39References351
Rows per page
Query Builder