3 matches found
PT-2026-44131
Name of the Vulnerable Software and Affected Versions crowdsec versions prior to 1.7.8 Description The AppSec component fails to read the HTTP request body when the Content-Length is not positive. This occurs specifically with HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests...
CVE-2025-47700 AI plugin APIs can be triggered using post actions
Mattermost Server versions 10.5.x = 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...
SUSE CVE-2010-0408
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...