266 matches found
GHSA-F8VR-R385-RH5R h2 vulnerable to denial of service
Hyper is an HTTP library for Rust and h2 is an HTTP 2.0 client & server implementation for Rust. An issue was discovered in h2 v0.2.4 when processing header frames. It incorrectly processes the HTTP2 RST_STREAM frames by not always releasing the memory immediately upon receiving the reset frame,...
SUSE CVE-2015-5740
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers...
Metasploit Weekly Wrap-Up
New module content 2 Gather Dbeaver Passwords Author: Kali-Team Type: Post Pull request: 17337 contributed by cn-kali-team Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these...
Insertion of Sensitive Information Into Sent Data
Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data. Go Vulnerability Report: Client IP addresses may be unintentionally exposed via X-Forwarded-For headers. When...
golang: net/http: limit growth of header canonicalization cache
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...
Design/Logic Flaw
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
CVE-2022-23607
The CVE concerns treq, an HTTP library for Twisted, where cookies passed to requests (e.g., treq.get/post, HTTPClient) were not bound to a single domain, enabling supercookies that could leak data on redirects. Affected behavior is that cookies are sent to every domain; impact is sensitive inform...
CVE-2022-23607 Unsafe handling of user-specified cookies in treq
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
CVE-2020-21574
Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function...
Jenkins < 2.303.2, < 2.315 HTTP Library Vulnerability - Linux
Jenkins is prone to a vulnerability in the bundled version of commons-httpclient library.
urllib3: Multiple vulnerabilities
Background The urllib3 library is an HTTP library with thread-safe connection pooling, file post, and more. Description Multiple vulnerabilities have been discovered in urllib3. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a possible Denial of...
CVE-2021-32715
hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...
CVE-2021-32714
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...
CVE-2021-32715
hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...
CVE-2021-32715
hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...
CVE-2021-32714
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...
Integer overflow
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...
CVE-2021-32715 Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...
CVE-2021-32715
Hyper (Rust HTTP library) had a vulnerability in its HTTP/1 server code where a Content-Length header prefixed with a plus sign could be accepted instead of rejected, enabling potential request smuggling/desync attacks. The issue affects all prior Hyper versions before 0.14.10 when built with rus...
CVE-2021-32714
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...