38 matches found

Tenable Nessus
added 2026/02/06 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: varnish (UTSA-2026-005275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005275 advisory. Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. Tenable has extracted the preceding description bloc...

CVSS 5.4 | AI score 5.4 | EPSS 0.00398
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-29078

Malware in sbrugna...

CVSS 7.4 | AI score 6.1 | EPSS 0.00632
Exploits 0 | References 12

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2020-8201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by a...

CVSS 7.4 | AI score 6.7 | EPSS 0.00632
Exploits 0 | References 2

OSV
added 2024/12/16 2:7 p.m. | 15 views

BIT-NODE-MIN-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

CVSS 7.4 | AI score 7.2 | EPSS 0.00632
Exploits 0 | References 7

OSV
added 2024/03/06 11:8 a.m. | 29 views

BIT-NODE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

CVSS 7.4 | AI score 7.3 | EPSS 0.00632
Exploits 0 | References 7

OSV
added 2023/12/22 11:6 a.m. | 3 views

OESA-2023-1970 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: twisted is an event-driven networking engine written in Python. In affected versions twisted exposes...

CVSS 8.1 | AI score 7 | EPSS 0.0367
Exploits 2 | References 5

Tenable Nessus
added 2023/11/06 12:0 a.m. | 37 views

Rocky Linux 8 : nodejs:12 (RLSA-2020:4272)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4272 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...

CVSS 7.8 | AI score 7.6 | EPSS 0.00764
Exploits 1 | References 10

SUSE CVE
added 2023/02/15 4:1 a.m. | 1 views

SUSE CVE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

CVSS 5.6 | AI score 6.9 | EPSS 0.00632
Exploits 0 | References 6

NVD
added 2022/07/07 4:15 p.m. | 9 views

CVE-2021-46825

Symantec Advanced Secure Gateway ASG and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web...

CVSS 9.1 | EPSS 0.00274
Exploits 0 | References 1

OSV
added 2022/07/07 4:15 p.m. | 3 views

CVE-2021-46825

Symantec Advanced Secure Gateway ASG and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web...

CVSS 9.1 | AI score 5.8
Exploits 0 | References 1

Prion
added 2022/07/07 4:15 p.m. | 10 views

Design/Logic Flaw

Symantec Advanced Secure Gateway ASG and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web...

CVSS 6.4 | AI score 9 | EPSS 0.00274
Exploits 0 | References 1 | Affected Software 2

CVE
added 2022/07/07 3:48 p.m. | 48 views

CVE-2021-46825

Affected products: Symantec Advanced Secure Gateway (ASG) and ProxySG. Vulnerability: HTTP desync/HTTP desmuggling where a remote, unauthenticated attacker can leverage crafted HTTP requests to cause the proxy to forward a web server’s responses to unintended clients when the attacker and other c...

CVSS 9.1 | AI score 9.1 | EPSS 0.00274
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2022/07/07 3:48 p.m. | 17 views

CVE-2021-46825

Symantec Advanced Secure Gateway ASG and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web...

AI score 9.3 | EPSS 0.00274
Exploits 0 | References 1

Positive Technologies
added 2022/07/07 12:0 a.m. | 2 views

PT-2022-3498 · Symantec · Proxysg +1

Name of the Vulnerable Software and Affected Versions: Symantec Advanced Secure Gateway ASG and ProxySG affected versions not specified Description: The issue is related to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy wit...

CVSS 9.4 | AI score 9 | EPSS 0.00274
Exploits 0 | References 6

Kitploit
added 2022/01/19 8:30 p.m. | 27 views

Http-Desync-Guardian - Analyze HTTP Requests To Minimize Risks Of HTTP Desync Attacks (Precursor For HTTP Request Smuggling/Splitting)

Overview HTTP/1.1 went through a long evolution since 1991 to 2014: HTTP/0.9 – 1991 HTTP/1.0 – 1996 HTTP/1.1 RFC 2068 – 1997 RFC 2616 - 1999 RFC 7230 - 2014 This means there is a variety of servers and clients, which might have different views on request boundaries, creating opportunities for...

AI score 7.4
Exploits 0 | References 11

Kitploit
added 2021/11/06 8:30 p.m. | 34 views

Smuggler - An HTTP Request Smuggling / Desync Testing Tool

An HTTP Request Smuggling / Desync testing tool written in Python 3 Acknowledgements A special thanks to James Kettle for his research and methods into HTTP desyncs And a special thanks to Ben Sadeghipour for beta testing Smuggler and for allowing me to discuss my work at Nahamcon 2020 IMPORTANT...

AI score 7.3
Exploits 0 | References 4

Akamai Blog
added 2021/08/05 4:0 a.m. | 26 views

HTTP/2 Request Smuggling

HTTP Request Smuggling also known as an HTTP Desync Attack has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...

AI score 0.7
Exploits 0

Akamai Blog
added 2021/08/05 4:0 a.m. | 2 views

HTTP/2 Request Smuggling

HTTP Request Smuggling also known as an HTTP Desync Attack has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...

AI score 5.6
Exploits 0

Tenable Nessus
added 2021/01/07 12:0 a.m. | 58 views

Amazon Linux 2 : libuv (ALAS-2021-1581)

The version of libuv installed on the remote host is prior to 1.39.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1581 advisory. Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting...

CVSS 7.5 | AI score 6.8 | EPSS 0.04991
Exploits 0 | References 5

Amazon
added 2021/01/07 12:0 a.m. | 126 views

Important: libuv

Issue Overview: Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on t...

CVSS 7.5 | AI score 6.4 | EPSS 0.04991
Exploits 0