HTTP Request Smuggling

io.vertx:vertx-core is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of / in the output buffer by removeDots function in Static Handler which allows the attacker can prevent access to static files by sending specifically crafted request URIs that exploit...

📄 Oracle E-Business Suite CVE-2025-61882 Remote Code Execution

This Metasploit module exploits CVE-2025-61882 in Oracle E-Business Suite by combining server-side request forgery, path traversal, HTTP request smuggling, and XSLT injection. The exploit hosts a malicious XSL file that the target will fetch and process, leading to remote code execution. This...

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2019-16276)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-16276 advisory. - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. CVE-2019-16276 Note tha...

CVE-2025-53912

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability...

MiracleLinux 7 : httpd-2.4.6-98.7.0.1.el7.AXS7 (AXSA:2023-5265:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5265:04 advisory. httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Tenable has extracted the preceding description block directly from the MiracleLinu...

MiracleLinux 9 : squid-5.5-6.el9_3.8 (AXSA:2024-7624:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7624:02 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of...

MiracleLinux 4 : squid-3.1.23-24.0.1.AXS4 (AXSA:2021-1658:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1658:02 advisory. squid: improper input validation may allow a trusted client to perform HTTP request smuggling CVE-2020-25097 Tenable has extracted the preceding description...

MiracleLinux 4 : python-twisted-web-8.2.0-6.AXS4 (AXSA:2020-036:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-036:02 advisory. python-twisted: HTTP request smuggling when presented with two Content-Length headers CVE-2020-10108 Tenable has extracted the preceding description block...

MiracleLinux 8 : nodejs:14 (AXSA:2022-3040:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3040:01 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788...

MiracleLinux 7 : httpd24-httpd-2.4.34-23.el7.2 (AXSA:2022-3133:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3133:02 advisory. httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling CVE-2022-22720 CVEs: CVE-2022-22720 Tenable has extracted the...

MiracleLinux 8 : nodejs:12 (AXSA:2021-1495:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1495:01 advisory. nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 nodejs-set-value: prototype pollution in function set-value...

MiracleLinux 7 : httpd-2.4.6-97.5.0.1.el7.AXS7 (AXSA:2022-3128:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3128:02 advisory. httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling CVE-2022-22720 Tenable has extracted the preceding description...

MiracleLinux 8 : nodejs:16 (AXSA:2023-6328:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6328:01 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x5...

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.19-1.el7, rh-nodejs14-nodejs-14.20.0-2.el7 (AXSA:2022-3813:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3813:02 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

MiracleLinux 8 : nodejs:14 (AXSA:2022-3839:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3839:01 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-1.el7, rh-nodejs12-nodejs-12.20.1-1.el7 (AXSA:2021-1451:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1451:01 advisory. nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 nodejs-set-value: prototype pollution in function set-value...

MiracleLinux 8 : [security - high] nodejs:16 (AXSA:2022-3898:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3898:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

MiracleLinux 7 : http-parser-2.7.1-8.el7.2 (AXSA:2020-4489:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4489:01 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 Tenable has extracted the preceding description block directly from th...

MiracleLinux 9 : tomcat-9.0.62-37.el9_3.2 (AXSA:2024-7586:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7586:05 advisory. tomcat: HTTP request smuggling via malformed trailer headers CVE-2023-46589 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : nginx:1.16 (AXSA:2021-1530:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1530:01 advisory. nginx: HTTP request smuggling in configurations with URL redirect used as errorpage CVE-2019-20372 Tenable has extracted the preceding description block...