Lucene search
267 matches found

F5 Networks
added 2023/02/21 6:32 p.m., views: 18

K27551003: The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it

Security Advisory Description: This issue occurs when all of the following conditions are met: a virtual server is associated with an HTTP profile; an iRule or LTM policy that uses HTTP header information is associated with the virtual server; the BIG-IP system receives a specially crafted HTTP...

AI score: 6.5
Exploits: 0, Affected Software: 11

SUSE CVE
added 2023/02/15 6:21 a.m., views: 1

SUSE CVE-2004-0386

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header...

CVSS: 10, AI score: 8.3, EPSS: 0.36771
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 4:54 a.m., views: 1

SUSE CVE-2016-10190

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response...

CVSS: 9.8, AI score: 8.4, EPSS: 0.09983
Exploits: 1, References: 4

SUSE CVE
added 2023/02/15 4:30 a.m., views: 2

SUSE CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

CVSS: 5.3, AI score: 8.4, EPSS: 0.00902
Exploits: 0, References: 6

OSV
added 2023/02/14 4:7 p.m., views: 8

SUSE-SU-2023:0413-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser bsc1208132. - CVE-2023-0056: Fixed denial of service via crash in httpwaitforresponse bsc1207181...

CVSS: 9.1, AI score: 7.6, EPSS: 0.17535
Exploits: 0, References: 5

OSV
added 2023/02/14 4:7 p.m., views: 8

SUSE-SU-2023:0412-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser bsc1208132. - CVE-2023-0056: Fixed denial of service via crash in httpwaitforresponse bsc1207181...

CVSS: 9.1, AI score: 7.6, EPSS: 0.17535
Exploits: 0, References: 5

OpenVAS
added 2022/12/06 12:0 a.m., views: 23

Debian: Security Advisory (DLA-3224-1)

The remote host is missing an update for the Debian...

CVSS: 6.5, AI score: 7.5, EPSS: 0.11865
Exploits: 2, References: 4

Debian
added 2022/12/05 1:3 p.m., views: 34

[SECURITY] [DLA 3224-1] http-parser security update

Debian LTS Advisory DLA-3224-1, https://www.debian.org/lts/security/, Utkarsh Gupta, December 05, 2022, https://wiki.debian.org/LTS...

CVSS: 6.5, AI score: 7.6, EPSS: 0.11865
Exploits: 2

OSV
added 2022/12/05 12:0 a.m., views: 34

DLA-3224-1 http-parser - security update

Bulletin has no description...

CVSS: 6.5, AI score: 7.4, EPSS: 0.11865
Exploits: 2

Mageia
added 2022/10/28 6:54 a.m., views: 45

Updated http-parser packages fix security vulnerability

http-parser could be made to expose sensitive data if it received a specially crafted request. CVE-2020-8287...

CVSS: 6.5, AI score: 7.4, EPSS: 0.11865
Exploits: 2, References: 2

OSV
added 2022/10/28 6:54 a.m., views: 8

MGASA-2022-0393 Updated http-parser packages fix security vulnerability

http-parser could be made to expose sensitive data if it received a specially crafted request. CVE-2020-8287...

CVSS: 6.5, AI score: 7, EPSS: 0.11865
Exploits: 2, References: 3

OpenVAS
added 2022/10/28 12:0 a.m., views: 15

Mageia: Security Advisory (MGASA-2022-0393)

The remote host is missing an update for the...

CVSS: 6.5, AI score: 7.5, EPSS: 0.11865
Exploits: 2, References: 4

OpenVAS
added 2022/08/26 12:0 a.m., views: 16

Ubuntu: Security Advisory (USN-5563-1)

The remote host is missing an update for the...

CVSS: 6.5, AI score: 7.5, EPSS: 0.11865
Exploits: 2, References: 2

Ubuntu
added 2022/08/10 4:32 p.m., views: 89

USN-5563-1: http-parser vulnerability

It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data...

CVSS: 6.5, AI score: 7.5, EPSS: 0.11865
Exploits: 2

OSV
added 2022/08/10 4:32 p.m., views: 2

USN-5563-1 http-parser vulnerability

It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data...

CVSS: 6.5, AI score: 6.9, EPSS: 0.11865
Exploits: 2, References: 2

Tenable Nessus
added 2022/08/10 12:0 a.m., views: 40

Ubuntu 18.04 LTS : http-parser vulnerability (USN-5563-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5563-1 advisory. It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorize...

CVSS: 6.5, AI score: 7.7, EPSS: 0.11865
Exploits: 2, References: 2

UbuntuCve
added 2022/07/14 3:15 p.m., views: 47

CVE-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)...

CVSS: 6.5, AI score: 6.8, EPSS: 0.86318
Exploits: 1, References: 5

UbuntuCve
added 2022/07/14 3:15 p.m., views: 32

CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)...

CVSS: 6.5, AI score: 6.8, EPSS: 0.86472
Exploits: 1, References: 5

Hacker One
added 2022/07/07 5:14 p.m., views: 63

Node.js: CVE-2022-32213 bypass via obs-fold mechanic

Summary: The fix for CVE-2022-32213 can be bypassed using an obs-fold, which Node's http parser supports. Proof-Of-Concept: const http = require'http'; http.createServerrequest, response = let body = ; request.on'error', err = response.end"error while reading body: " + err .on'data', chunk =...

CVSS: 6.4, AI score: 0.4, EPSS: 0.86318
Exploits: 1

Rockylinux
added 2022/05/17 6:38 a.m., views: 16

new packages: http-parser

An update is available for http-parser. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score: 2.2
Exploits: 0