7 matches found

Packet Storm
added 2026/02/02 12:0 a.m. · 137 views

📄 Gakido CRLF Injection

A vulnerability was discovered in Gakido that allowed HTTP header injection through CRLF sequences in user-supplied header values and names. Versions prior to 0.1.1 are affected. Gakido - CRLF Injection · Advisory ID: RO-26-005 · CVE ID: CVE-2026-24489 · Severity: Medium · Vendor: HappyHackingSpace...

5.3 CVSS · 5.4 AI score · 0.0036 EPSS
Exploits 1
BDU FSTEC
added 2025/04/07 12:0 a.m. · 4 views

The vulnerability of the Apache Traffic Server web server, related to defects in the processing of HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the Apache Traffic Server web server is related to deficiencies in the processing of HTTP request headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely (HTTP Request Smuggling attack)...

6.5 CVSS · 6.5 AI score · 0.00568 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/10/25 12:0 a.m. · 4 views

PT-2024-30577 · Sharp +1 · Sharp Mfps +1

Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs (affected versions not specified). Description: The issue is related to the improper processing of HTTP request headers, resulting in an Out-of-bounds Read. Crafted HTTP requests may cause the affected products to cras...

7.5 CVSS · 6.8 AI score · 0.00729 EPSS
Exploits 0 · References 8
BDU FSTEC
added 2024/09/18 12:0 a.m. · 5 views

The vulnerability of the Pandora FMS system’s monitoring and management interface allows a perpetrator to execute arbitrary SQL queries and gain unauthorized access to protected information.

The vulnerability of the Pandora FMS system’s monitoring and management interface relates to the improper processing of SQL query headers. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries and gain unauthorized access to protected information...

10 CVSS · 6 AI score · 0.00374 EPSS
Exploits 0 · References 4 · Affected Software 1
RedHat Linux
added 2023/04/25 10:27 a.m. · 3 views

haproxy: request smuggling attack in HTTP/1 header parsing

A flaw was found in HAProxy's header processing that causes HAProxy to drop important header fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

9.1 CVSS · 5.7 AI score · 0.05493 EPSS
Exploits 0 · References 6
BDU FSTEC
added 2022/12/28 12:0 a.m. · 3 views

The vulnerability in the implementation of the `rejectIllegalHeader` attribute in the Apache Tomcat application server allows an attacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the Apache Tomcat application server’s implementation of the `rejectIllegalHeader` attribute is related to deficiencies in the processing of HTTP requests containing the Content-Length header. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests...

7.8 CVSS · 6.7 AI score · 0.01448 EPSS
Exploits 0 · References 7 · Affected Software 5
BDU FSTEC
added 2020/03/25 12:0 a.m. · 3 views

The vulnerability of the Microsoft Internet Information Server (IIS) operating system on Windows allows a perpetrator to execute a type of attack known as “cross-site scripting attacks”.

The vulnerability of the Microsoft Internet Information Server (IIS) operating systems on Windows is related to incorrect processing of request headers. Exploiting this vulnerability allows a malicious actor to execute a type of attack known as “cross-site request forgery” by sending specially...

7.8 CVSS · 7.3 AI score · 0.03809 EPSS
Exploits 0 · References 2