12 matches found
Astra Linux - уязвимость в http-parser
Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow for two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...
Fedora 44 : mongo-c-driver (2026-508009213f)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-508009213f advisory. - Fix handling in HTTP response parser CVE-2026-4359 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
MiracleLinux 8 : http-parser-2.8.0-5.el8.2 (AXSA:2020-132:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-132:02 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 Tenable has extracted the preceding description block directly from the...
TencentOS Server 3: http-parser (TSSA-2022:0055)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0055 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
LibHTP 安全漏洞
LibHTP is a security-aware parser from the Open Information Security Foundation. The product is primarily used for the HTTP protocol, among other things. A security vulnerability exists in LibHTP 0.5.50 and earlier versions, which stems from a memory leak issue that could cause a process to run o...
CVE-2020-27539
Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow OOB write. In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerabl...
Alibaba Cloud Linux 3 : 0055: http-parser (ALINUX3-SA-2022:0055)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0055 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-15605: HTTP request smuggling in Node.js 1...
CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
SUSE-SU-2023:0413-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser bsc1208132. - CVE-2023-0056: Fixed denial of service via crash in httpwaitforresponse bsc1207181...
SUSE-SU-2023:0412-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser bsc1208132. - CVE-2023-0056: Fixed denial of service via crash in httpwaitforresponse bsc1207181...
USN-5563-1 http-parser vulnerability
It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data...
Ubuntu 18.04 LTS : http-parser vulnerability (USN-5563-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5563-1 advisory. It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorize...