Lucene search

6 matches found

Snyk
added 2026/03/27 6:31 p.m., 5 views

HTTP Request Smuggling

Overview: io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via the proxy server. An attacker can gain unauthorized access or manipulate web requests by sending specially crafted header block...

CVSS 9.1 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 2
CNNVD
added 2026/03/27 12:0 a.m., 3 views

Undertow Environment Issue Vulnerability

Undertow is a web server provided by the Undertow company in the United States. Undertow has an environmental issue vulnerability, which stems from the ability of remote attackers to send specific header block terminators, potentially leading to request payload attacks...

CVSS 9.1 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 2
Veracode
added 2025/06/30 7:9 a.m., 3 views

HTTP Request Smuggling (HRS)

webrick is vulnerable to HTTP Request Smuggling. The vulnerability is due to inconsistent parsing of HTTP header terminators in the readheaders method, which allows attackers to smuggle arbitrary HTTP requests when deployed behind certain HTTP proxies...

CVSS 6.5 | AI score 6.3 | EPSS 0.00257
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2025/06/25 5:15 p.m., 2 views

DEBIAN-CVE-2025-6442

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

CVSS 5.9 | AI score 6.6 | EPSS 0.00257
Exploits: 0 | References: 1
CNNVD
added 2025/06/25 12:0 a.m., 1 views

Webrick Environment Issue Vulnerability

Webrick is an HTTP server toolkit open-sourced by The Ruby Programming Language. Webrick suffers from an environment issue vulnerability that stems from inconsistent parsing of HTTP header terminators by the readheaders method, which could lead to an HTTP request entrapment attack...

CVSS 6.5 | AI score 6.4 | EPSS 0.00257
Exploits: 0 | References: 4
Cvelist
added 2010/07/06 2:0 p.m., 22 views

CVE-2010-2629

The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...

AI score 6.7 | EPSS 0.0033
Exploits: 0 | References: 5