11 matches found

RedhatCVE
added 2023/08/05 3:48 p.m. | 46 views

CVE-2023-38697

A flaw was found in the protocol-http1 rubygem package. The protocol-http1 provides a low-level implementation of the HTTP/1 protocol. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing...

5.3 CVSS | 6.3 AI score | 0.00204 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2023/08/04 5:32 p.m. | 10 views

CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

5.8 CVSS | 5.4 AI score | 0.00204 EPSS
Exploits: 0 | References: 4
Hacker One
added 2019/07/17 10:47 p.m. | 440 views

Internet Bug Bounty: Multiple HTTP Smuggling reports

These reports spread over several years and are all about HTTP Smuggling issues: HTTP Requests or Responses splitting, Cache Poisoning, Security filter bypass. I've made reports on a wide range of open source projects, explaining the not always easy problems to the various security maintainers...

7.5 CVSS | 7.7 AI score | 0.24118 EPSS
Exploits: 5
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

mod_security <= 2.1.0 (ASCIIZ byte) POST Rules Bypass Vulnerability

No description provided by source. modsecurity <= 2.1.0 ASCIIZ byte POST Rules Bypass Vulnerability http://www.php-security.org/MOPB/BONUS-12-2007.html Affected is modsecurity <= 2.1.0 Detailed information When modsecurity receives a request it parses it into web application...

7.1 AI score
Exploits: 0
NVD
added 2007/03/08 10:19 p.m. | 14 views

CVE-2007-1359

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

6.8 CVSS | 6.7 AI score | 0.23497 EPSS
Exploits: 1 | References: 15
Prion
added 2007/03/08 10:19 p.m. | 13 views

Design/Logic Flaw

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

6.8 CVSS | 6.9 AI score | 0.23497 EPSS
Exploits: 1 | References: 15 | Affected Software: 1
UbuntuCve
added 2007/03/08 10:19 p.m. | 20 views

CVE-2007-1359

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

6.8 CVSS | 6 AI score | 0.23497 EPSS
Exploits: 1 | References: 2
CVE
added 2007/03/08 5:0 p.m. | 78 views

CVE-2007-1359

ModSecurity (mod_security)

6.8 CVSS | 9.4 AI score | 0.23497 EPSS
Exploits: 1 | References: 15 | Affected Software: 1
exploitpack
added 2007/03/07 12:0 a.m. | 11 views

mod_security 2.1.0 - ASCIIZ byte POST Rules Bypass

modsecurity 2.1.0 - ASCIIZ byte POST Rules Bypass modsecurity Now call it with a command like $ echo -e "&var=alert/xss/;" postdata $ curl http://localhost/test.php --data-binary...

7.4 AI score
Exploits: 0
Exploit DB
added 2007/03/07 12:0 a.m. | 38 views

mod_security 2.1.0 - ASCIIZ byte POST Rules Bypass

modsecurity Now call it with a command like $ echo -e "&var=alert/xss/;" postdata $ curl http://localhost/test.php --data-binary @postdata -A Harmle...

7 AI score
Exploits: 0
Packet Storm
added 2006/05/26 12:0 a.m. | 24 views

Kaspersky6-http.txt

Kaspersky antivirus 6 Kaspersky internet security 6 www.kaspersky.com Vulnerable Systems: KAV6, KIS6 Detail: The vulnerability is caused due to HTTP parsing errors in the HTTP monitor Kaspersky Web-antivirus. Any malicious software on local computer can bypass HTTP virus monitor. Solution: There...

7.4 AI score
Exploits: 0