3631 matches found
PT-2026-37626
Name of the Vulnerable Software and Affected Versions Gazelle versions prior to 0.50 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request,...
HTTP Request Smuggling
Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the setUri function. An attacker can inject arbitrary CRLF sequenc...
Security Bulletin: Vulnerabilities in Apache Tomcat and Lodash might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and Lodash. Vulnerabilities include Improper Input Validation vulnerability in Apache Tomcat, Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apach...
DEBIAN-CVE-2026-40561
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-40561
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
Linux Distros Unpatched Vulnerability : CVE-2026-40561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes Content-Length over...
CVE-2026-39805
Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...
CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit
Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...
CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit
Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...
EEF-CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit
Summary Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a...
CVE-2026-39805
CVE-2026-39805 describes an HTTP request smuggling flaw in Elixir Bandit (bandit) due to Bandit.Headers:get_content_length/1 using List.keyfind/3. If a request carries two Content-Length headers with different values, Bandit may read the body using the first value and dispatch the remaining bytes...
PT-2026-36541
Name of the Vulnerable Software and Affected Versions bandit versions prior to 1.11.0 Description Inconsistent interpretation of HTTP requests allows HTTP request smuggling via duplicate Content-Length headers. The function get content length in Elixir.Bandit.Headers uses List.keyfind/3, which on...
Atlassian Bamboo 9.6.x < 9.6.25 / 10.x < 10.2.18 / 11.x < 12.1.6 Multiple Vulnerabilities
The version of Atlassian Bamboo installed on the remote host is 9.6.x prior to 9.6.25, 10.x prior to 10.2.18, or 11.x prior to 12.1.6. It is, therefore, affected by multiple vulnerabilities: - An OS command injection vulnerability allows an authenticated attacker to execute commands on the remote...
Medium: tomcat
Issue Overview: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0...
CVE-2026-40560
A flaw was found in Starman. Starman versions before 0.4018 for Perl incorrectly prioritize the "Content-Length" header over "Transfer-Encoding: chunked" when both are present in an HTTP request, violating RFC 7230 3.3.3. A remote attacker could exploit this improper header precedence to perform...
Libsoup: libsoup: http request smuggling via duplicate content-length headers
...
CVE-2026-40560
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
Linux Distros Unpatched Vulnerability : CVE-2026-40560
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...
CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...