Lucene search

9 matches found

Redos
added 2024/04/01 12:0 a.m. | 26 views

ROS-20240401-04

A vulnerability in the HAProxy server software is related to the forwarding of empty Content-Length headers. Exploitation of the vulnerability could allow a remote attacker to perform an HTTP request smuggling attack...

7.2 CVSS | 7 AI score | 0.01815 EPSS
Exploits: 1

BDU FSTEC
added 2024/04/01 12:0 a.m. | 5 views

The vulnerability of the server software HAProxy, related to the rerouting of empty Content-Length headers, allows a hacker to perform an “HTTP request hijacking” attack.

The vulnerability of the server software HAProxy relates to the rerouting of empty Content-Length headers. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...

7.2 CVSS | 7.1 AI score | 0.01815 EPSS
Exploits: 1 | References: 13 | Affected Software: 4

RedHat Linux
added 2023/09/26 2:56 p.m. | 62 views

nodejs: HTTP Request Smuggling via Empty headers separated by CR

A vulnerability has been identified in Node.js, where the llhttp parser in the http module does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)...

7.5 CVSS | 7.1 AI score | 0.03906 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2023/08/08 8:46 a.m. | 24 views

nodejs: HTTP Request Smuggling via Empty headers separated by CR

A vulnerability has been identified in Node.js, where the llhttp parser in the http module does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)...

7.5 CVSS | 7.1 AI score | 0.03906 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2023/07/31 9:36 a.m. | 3 views

nodejs: HTTP Request Smuggling via Empty headers separated by CR

A vulnerability has been identified in Node.js, where the llhttp parser in the http module does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)...

7.5 CVSS | 7.1 AI score | 0.03906 EPSS
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 6:12 a.m. | 6 views

SUSE CVE-2007-1863

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...

5 CVSS | 6.9 AI score | 0.11786 EPSS
Exploits: 0 | References: 5

OSV
added 2021/03/15 10:32 p.m. | 2 views

USN-4848-1 mini-httpd vulnerability

It was discovered that ACME mini_httpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files...

6.5 CVSS | 7.4 AI score | 0.74036 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/12/16 12:0 a.m. | 43 views

FreeBSD : dovecot -- NULL pointer deref in notify with empty headers (b7dc4dde-2e48-43f9-967a-c68461537cf2)

Aki Tuomi reports: Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

5.3 CVSS | 7.1 AI score | 0.02476 EPSS
Exploits: 0 | References: 3

FreeBSD
added 2019/12/10 12:0 a.m. | 35 views

dovecot -- null pointer deref in notify with empty headers

Aki Tuomi reports: Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers...

5.3 CVSS | 1.3 AI score | 0.02476 EPSS
Exploits: 0 | References: 1