20 matches found
CVE-2026-26365
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing pat...
CVE-2026-26365
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing pat...
Akamai Ghost 环境问题漏洞
Akamai Ghost is an HTTP service program developed by the American company Akamai. Versions of Akamai Ghost prior to 2026-02-06 contained environmental issues. These issues stemmed from improper handling of custom hop-by-hop HTTP headers, which could lead to HTTP requests being interspersed with...
CVE-2026-26365
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing pat...
EUVD-2022-47981
Malicious code in bioql PyPI...
CVE-2025-48865 Fabio allows HTTP clients to manipulate custom headers it adds
Fabio is an HTTPS and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers except X-Forwarded-For due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and...
Fabio 安全漏洞
Fabio is a Fabio open source application. A security vulnerability exists in Fabio versions prior to 1.6.6 that stems from allowing clients to remove X-Forwarded headers when processing hop-by-hop headers, which could lead to a security hole...
GHSA-Q7P4-7XJV-J3WF Fabio allows HTTP clients to manipulate custom headers it adds
Summary Fabio allows clients to remove X-Forwarded headers except X-Forwarded-For due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should...
Fabio allows HTTP clients to manipulate custom headers it adds
Summary Fabio allows clients to remove X-Forwarded headers except X-Forwarded-For due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should...
HTTP Hop-By-Hop Headers Detected
This is an informational plugin to inform the user that the scanner detected that the target application handles specific HTTP headers as hop-by-hop headers. No source data...
OESA-2023-1916 varnish security update
This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...
CVE-2023-34041
Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations...
CVE-2023-34041
CVE-2023-34041 affects Cloud Foundry Router (gorouter) releases before 0.278.0, where HTTP Hop-by-Hop headers (notably B3 and X-B3-SpanID) can be abused to alter the identifiers logged in foundations. Exploitation requires no authentication and can influence log-trace values, per multiple sources...
PT-2023-24652 · Cloud Foundry · Cloud Foundry Routing
Name of the Vulnerable Software and Affected Versions: Cloud Foundry Routing versions prior to 0.278.0 Description: The issue allows an unauthenticated attacker to abuse HTTP Hop-by-Hop Headers, affecting the identification value recorded in logs. Specifically, headers like B3 or X-B3-SpanID can ...
CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter | Cloud Foundry
Severity Medium Vendor Cloud Foundry Description Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the...
SUSE CVE-2022-45059
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend...
DEBIAN-CVE-2022-45059
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend...
PT-2022-27394
Name of the Vulnerable Software and Affected Versions Varnish Cache versions 7.0.0 through 7.1.1 Varnish Cache versions 7.2.0 through 7.2.0 Description An issue was discovered in Varnish Cache, allowing a request smuggling attack to be performed on Varnish Cache servers. This occurs when certain...
CVE-2022-45059
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend...
Missing Authorization
Overview std/net/http/httputil is a Go standard library package std/net/http/httputil Affected versions of this package are vulnerable to Missing Authorization. Go Vulnerability Report: ReverseProxy can be made to forward certain hop-by-hop headers, including Connection. If the target of the...