18 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2006-1108

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01042
Exploits: 1 | References: 8

Cvelist
added 2025/06/26 2:31 p.m. | 5 views

CVE-2025-52887 cpp-httplib has unlimited number of http header fields, which causes memory leak

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many HTTP header fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected...

CVSS 7.5 | EPSS 0.00542
Exploits: 1 | References: 2

Cvelist
added 2023/06/30 11:39 p.m. | 16 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

AI score 7.8 | EPSS 0.01916
Exploits: 1 | References: 9

Debian CVE
added 2023/06/30 11:39 p.m. | 29 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

CVSS 7.5 | AI score 7.5 | EPSS 0.01916
Exploits: 1

Hacker One
added 2023/06/21 2:33 a.m. | 84 views

Internet Bug Bounty: HTTP Request Smuggling via Empty headers separated by CR

The llhttp parser in the Node.js http module did not strictly use the CRLF sequence to delimit HTTP requests, which allowed for HTTP Request Smuggling (HRS). This vulnerability affected all active versions of Node.js...

CVSS 7.5 | AI score 7.7 | EPSS 0.01916
Exploits: 1

Hacker One
added 2023/05/25 1:38 p.m. | 65 views

Node.js: HTTP Request Smuggling via Empty headers separated by CR

HTTP Request Smuggling (HRS) was possible in Node.js v20.2.0 due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. The CR character without LF was sufficient to delimit HTTP header fields in the llhttp parser, which is not compliant with RFC7230...

CVSS 7.5 | AI score 7.7 | EPSS 0.01916
Exploits: 1

Vulnrichment
added 2022/10/31 6:40 a.m. | 6 views

CVE-2022-39026 e-Excellence Inc. U-Office Force - Stored XSS

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack...

CVSS 5.4 | AI score 5.4 | EPSS 0.00154
Exploits: 0 | References: 1

Trellix
added 2022/01/27 12:0 a.m. | 31 views

Worming your way in through IIS - CVE-2022-21907

Worming your way in through IIS - CVE-2022-21907 By Trellix · January 27, 2022 This story was written by Eion Carroll. IIS HTTP Stack History In the first patch Tuesday of 2022, Microsoft released a patch for a wormable vulnerability CVE-2022-21907 within the IIS HTTP stack, or more specifically...

CVSS 10 | AI score 10 | EPSS 0.91887
Exploits: 21

Talos
added 2021/01/26 12:0 a.m. | 46 views

Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...

CVSS 8.6 | AI score 7.6 | EPSS 0.04904
Exploits: 1

Talos
added 2021/01/26 12:0 a.m. | 109 views

Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...

CVSS 8.6 | AI score 7.6 | EPSS 0.04904
Exploits: 1

OpenVAS
added 2020/01/23 12:0 a.m. | 40 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2593)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9 | AI score 7.2 | EPSS 0.07499
Exploits: 0 | References: 2

Tenable Nessus
added 2016/03/04 12:0 a.m. | 24 views

Fedora 23 : nghttp2-1.7.1-1.fc23 (2016-ac861a840e)

CVE-2016-1544: Out of memory in nghttpd, nghttp, and libnghttp2asio applications due to unlimited incoming HTTP header fields: https://github.com/tatsuhiro-t/nghttp2/releases/tag/v1.7.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

CVSS 3.3 | AI score 6.7 | EPSS 0.01039
Exploits: 0 | References: 4

securityvulns
added 2012/03/20 12:0 a.m. | 45 views

at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability

Title: at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability Product : at32 Reverse Proxy Version : v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-03-14 Updated: Impact : Medium CVSS2 Base ...

AI score 0.8
Exploits: 0

Packet Storm
added 2012/03/19 12:0 a.m. | 15 views

at32 Reverse Proxy 1.060.310 Denial Of Service

Title: at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability Product : at32 Reverse Proxy Version : v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-03-14 Updated: Impact : Medium CVSS2 Base ...

Exploits: 0

securityvulns
added 2012/02/22 12:0 a.m. | 42 views

Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability

Title: Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability Product : Mercurycom MR804 Router Hardware Version : MR804 v8.0 081C3113 Software Version : 3.8.1 Build 101220 Rel.53006nB Vendor: http://www.mercurycom.com.cn/ Class: Boundary Condition Error CVE: Remote...

AI score 0.4
Exploits: 0

Packet Storm
added 2012/02/22 12:0 a.m. | 27 views

Mercurycom MR804 Router Denial Of Service

Title: Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability Product : Mercurycom MR804 Router Hardware Version : MR804 v8.0 081C3113 Software Version : 3.8.1 Build 101220 Rel.53006nB Vendor: http://www.mercurycom.com.cn/ Class: Boundary Condition Error CVE: Remote...

AI score 0.3
Exploits: 0

exploitpack
added 2012/02/21 12:0 a.m. | 9 views

Mercury MR804 Router - Multiple HTTP Header Fields Denial of Service Vulnerabilities

Mercury MR804 Router - Multiple HTTP Header Fields Denial of Service Vulnerabilities source: https://www.securityfocus.com/bid/52106/info Mercury MR804 router is prone to multiple denial-of-service vulnerabilities. Remote attackers can exploit these issues to cause the device to crash, denying...

AI score 0.5
Exploits: 0

Exploit DB
added 2012/02/21 12:0 a.m. | 26 views

Mercury MR804 Router - Multiple HTTP Header Fields Denial of Service Vulnerabilities

source: https://www.securityfocus.com/bid/52106/info Mercury MR804 router is prone to multiple denial-of-service vulnerabilities. Remote attackers can exploit these issues to cause the device to crash, denying service to legitimate users. Mercury MR804 running version 3.8.1 Build 101220 is...

AI score 7.4
Exploits: 0