274 matches found
SUSE-SU-2025:02739-1 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2025-6442: Fixed readheader HTTP Request Smuggling Vulnerability in WEBrick bsc1245254 - CVE-2025-27221: Fixed userinfo leakage in URIjoin, URImerge and URI+ bsc1237805...
TencentOS Server 3: nodejs:18 (TSSA-2024:0177)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0177 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2021-41442
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet...
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2025-1298)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
HTTP Request Smuggling
Overview io.ktor:ktor-network-tls-jvm is a framework for quickly creating web applications in Kotlin with minimal effort. Affected versions of this package are vulnerable to HTTP Request Smuggling due to a race condition between multiple coroutines using the same thread. Remediation Upgrade...
Medium: php8.3
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
squid security update
7:3.5.20-17.0.5.13 - Fixed cve 2023-46846 for http and icap request/response smuggling Orabug: 37326730...
SUSE-SU-2025:20101-1 Security update for haproxy
This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: - VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 - BUG/MINOR: cfgparse-listen: fix option httpslog...
Important: ruby
Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...
Important: libsoup
Issue Overview: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...
UBUNTU-CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...
HTTP Smuggling
org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to process HTTP smuggling requests with ASCII control characters, causing it ...
CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...
CVE-2024-9622
CVE-2024-9622 applies to the resteasy-netty4 library, where improper handling of HTTP requests containing ASCII control characters can trigger the Netty HttpObjectDecoder BAD_MESSAGE state. This causes subsequent legitimate requests on the same connection to be ignored, leading to client timeouts...
UBUNTU-CVE-2024-47220
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...
RHEL 8 : nginx (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nginx: memory leak in IPv4 Off Handler CVE-2022-3638 Note that Nessus has not tested for this issue but has instead...
Moderate: Red Hat Security Advisory: RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements
An updated version of Red Hat Update Infrastructure RHUI is now available. RHUI 4.8 fixes several security an operational bugs, adds some new features and upgrades the underlying Pulp to a newer version. Red Hat Product Security has rated this update as having a security impact of Moderate. A...
CVE-2024-1135 HTTP Request Smuggling in benoitc/gunicorn
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...