Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/01 2:8 p.m.5 views

Security Bulletin: This vulnerability can lead to cache poisoning, data exposure, session manipulation, etc , which affects IBM watsonx.data

Summary Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning...

7.5CVSS6.6AI score0.02996EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/09/04 2:52 p.m.9 views

puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8CVSS5.7AI score0.00814EPSS
Exploits0References4
Prion
Prion
added 2018/04/18 7:29 p.m.19 views

Design/Logic Flaw

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

5CVSS7.4AI score0.02431EPSS
Exploits1References5Affected Software2
NVD
NVD
added 2018/04/18 7:29 p.m.13 views

CVE-2018-1000164

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

7.5CVSS7.5AI score0.02431EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2018/04/18 7:0 p.m.79 views

CVE-2018-1000164

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

7.5CVSS7.6AI score0.02431EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2018/04/18 12:0 a.m.30 views

CVE-2018-1000164

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

7.5CVSS7.2AI score0.02431EPSS
Exploits1References3
Rows per page
Query Builder