Lucene search
K

41 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-10117

Malware in sbrugna...

7.5CVSS7.4AI score0.00961EPSS
Exploits0References2
CVE
CVE
added 2025/08/07 12:0 a.m.49 views

CVE-2025-32094

Summary (CVE-2025-32094): Akamai Ghost (Akamai CDN) before 2025-03-26 is affected by HTTP/1.1 request smuggling when a client sends an HTTP/1.x OPTIONS request with an Expect: 100-continue header and uses obsolete line folding. This can cause two in-path Akamai servers to interpret the request di...

4CVSS6.5AI score0.00517EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:43 a.m.15 views

CVE-2024-25622

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

4.3CVSS6.6AI score0.00428EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/11 2:24 p.m.17 views

CVE-2024-45397 H2O alllows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

5.9CVSS7.2AI score0.00438EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/11 2:20 p.m.22 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

3.1CVSS0.00428EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/10/11 2:20 p.m.14 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

3.1CVSS6.7AI score0.00428EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/02/26 8:13 p.m.46 views

Connection leaking on idle timeout when TCP congested

Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed ...

7.5CVSS7.3AI score0.01433EPSS
Exploits0References10Affected Software4
OSV
OSV
added 2023/10/05 8:55 p.m.12 views

GHSA-3MWQ-H3G6-FFHM Vapor's incorrect request error handling triggers server crash

Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse and causing immediate termination of the server process. Impact This is a denial of service vulnerability, impacting all users of affected versions of...

5.3CVSS5.5AI score0.00597EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2023/10/05 12:0 a.m.21 views

Vapor's incorrect request error handling triggers server crash

Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse and causing immediate termination of the server process...

5.3CVSS6.7AI score0.00597EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2022/08/10 12:0 a.m.28 views

CVE-2022-28129 Insufficient Validation of HTTP/1.x Headers

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5AI score0.01849EPSS
Exploits0References5
OSV
OSV
added 2021/06/16 5:47 p.m.61 views

GHSA-QJWC-V72V-FQ6R HTTP request smuggling in Undertow

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

4.8CVSS6.2AI score0.01119EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/06/16 5:47 p.m.111 views

HTTP request smuggling in Undertow

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS2.9AI score0.01119EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/04/30 5:28 p.m.64 views

GHSA-P9W3-GWC2-CR49 HTTP Request Smuggling in Undertow

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

4.8CVSS6.2AI score0.01147EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/04/30 5:28 p.m.83 views

HTTP Request Smuggling in Undertow

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS1.9AI score0.01147EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/03/31 6:15 p.m.3 views

CVE-2021-22999

On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note:...

7.5CVSS7.1AI score0.00961EPSS
Exploits0References1
NVD
NVD
added 2021/03/31 6:15 p.m.32 views

CVE-2021-22999

On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note:...

7.5CVSS0.00961EPSS
Exploits0References1
Prion
Prion
added 2021/03/31 6:15 p.m.16 views

Code injection

On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note:...

5CVSS7.5AI score0.00961EPSS
Exploits0References1Affected Software14
CVE
CVE
added 2021/03/31 5:29 p.m.75 views

CVE-2021-22999

CVE-2021-22999 affects BIG-IP HTTP/2 profiles: when an HTTP/2 client closes a slow connection, the system may indefinitely retain streams, causing a memory leak and potential DoS. Affected versions include 15.0.x before 15.1.0 and 14.1.x before 14.1.4; remediation involves upgrading to non‑vulner...

7.5CVSS7.6AI score0.00961EPSS
Exploits0References1Affected Software14
OSV
OSV
added 2021/02/23 6:15 p.m.31 views

CVE-2021-20220

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

4.8CVSS5.5AI score
Exploits0References2
Prion
Prion
added 2021/02/23 6:15 p.m.36 views

Design/Logic Flaw

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS5.8AI score0.02712EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder