
59 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - Vulnerability in Golang-1.19

The net/http HTTP/1.1 client mishandled the situation where a server responds to a request with an “Expect: 100-continue” header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, causing the next request sent on that connection to...

7.5 CVSS | 6.5 AI score | 0.01414 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/27 12:0 a.m., 2 views

NewStart CGSL MAIN 7.02 : golang Multiple Vulnerabilities (NS-SA-2025-0254)

The remote NewStart CGSL host, running version MAIN 7.02, has golang packages installed that are affected by multiple vulnerabilities: - The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true...

9.8 CVSS | 7 AI score | 0.01952 EPSS
Exploits: 0 | References: 25

RedHat Linux
added 2025/09/25 12:9 a.m., 1 view

undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header

A flaw was discovered in Undertow where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service...

7.5 CVSS | 5.8 AI score | 0.01202 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/19 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-10705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the Expect: 100-continue header may cause an out of memory...

7.5 CVSS | 6.7 AI score | 0.01202 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/09 12:23 a.m., 10 views

CVE-2025-32094

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai...

4 CVSS | 6.8 AI score | 0.00517 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:31 a.m., 2 views

CVE-2023-30756

A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.5.20, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.5.20...

8.2 CVSS | 6.9 AI score | 0.00453 EPSS
Exploits: 0 | References: 1

OSV
added 2025/04/25 2:6 p.m., 8 views

OESA-2025-1451 etcd security update

Security Fixes: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large...

7.5 CVSS | 6.8 AI score | 0.91969 EPSS
Exploits: 1 | References: 4

Citrix
added 2025/04/16 12:0 a.m., 9 views

Netscaler-14.1- How NetScaler handles expect:100 continue header

When NetScaler gets an HTTP request that includes the Expect: 100-Continue header, it sends a 100 Continue response back to the client. This step is important because NetScaler’s Application Firewall needs to review the full request—including the body—before passing it on to the backend server...

7.1 AI score
Exploits: 0

BDU FSTEC
added 2025/03/10 12:0 a.m., 5 views

The vulnerability of the Apache Traffic Server web server arises from discrepancies in functionality compared to the specifications. This allows attackers to compromise the accessibility of the protected information.

The vulnerability of the Apache Traffic Server web server is related to discrepancies in functionality according to the specification when processing the Expect header. Exploiting this vulnerability allows a remote attacker to compromise the accessibility of protected information...

4.3 CVSS | 5.9 AI score | 0.0079 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/03/06 11:9 a.m., 8 views

CVE-2024-56202 Apache Traffic Server: Expect header field can unreasonably retain resource

Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue...

7.1 AI score | 0.0079 EPSS
Exploits: 0 | References: 1

OSV
added 2025/01/17 2:8 p.m., 3 views

OESA-2025-1057 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

7.5 CVSS | 6.8 AI score | 0.01414 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2024/10/23 12:0 a.m., 5 views

The vulnerability of web-servers of microprogramming software for devices such as SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, allows a perpetrator to cause service interruptions.

The vulnerability of web-servers of microprogramming software for SIMATIC CP, SIMATIC HMI, SIMATIC IPC, and SIMATIC WinCC Runtime Advanced DiagBase, as well as SIPLUS TIM, is related to errors in variable name assignments. Exploiting this vulnerability can allow attackers to cause system failures...

5.9 CVSS | 5.5 AI score | 0.00453 EPSS
Exploits: 0 | References: 4 | Affected Software: 7

Positive Technologies
added 2024/09/10 12:0 a.m., 2 views

PT-2024-7079 · Siemens · Simatic Cp 1242-7 V2 +11

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1242-7 V2 incl. SIPLUS variants versions prior to V3.5.20 SIMATIC CP 1243-1 incl. SIPLUS variants versions prior to V3.5.20 SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants versions prior to V3.5.20 SIMATIC CP 1243-1 IEC incl. SIPLUS...

8.2 CVSS | 7 AI score | 0.00453 EPSS
Exploits: 0 | References: 6

OSV
added 2024/08/23 11:8 a.m., 3 views

OESA-2024-2059 golang security update

Security Fixes: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

7.5 CVSS | 6.7 AI score | 0.01414 EPSS
Exploits: 0 | References: 2

OSV
added 2024/08/16 11:8 a.m., 3 views

OESA-2024-1978 golang security update

Security Fixes: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

7.5 CVSS | 6.7 AI score | 0.01414 EPSS
Exploits: 0 | References: 2

OSV
added 2024/08/16 11:8 a.m., 3 views

OESA-2024-1979 golang security update

Security Fixes: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

7.5 CVSS | 6.7 AI score | 0.01414 EPSS
Exploits: 0 | References: 2

OSV
added 2024/08/16 11:8 a.m., 2 views

OESA-2024-1980 golang security update

Security Fixes: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

7.5 CVSS | 6.7 AI score | 0.01414 EPSS
Exploits: 0 | References: 2

OSV
added 2024/08/09 11:8 a.m., 4 views

OESA-2024-1952 golang security update

Security Fixes: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

7.5 CVSS | 6.7 AI score | 0.01414 EPSS
Exploits: 0 | References: 2

Amazon
added 2024/07/22 12:0 a.m., 2 views

Medium: golang

Issue Overview: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

7.5 CVSS | 7.2 AI score | 0.01414 EPSS
Exploits: 0

Amazon
added 2024/07/22 12:0 a.m., 4 views

Medium: golang

Issue Overview: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

7.5 CVSS | 6.8 AI score | 0.01414 EPSS
Exploits: 0