8 matches found
CVE-2026-6733
Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...
CVE-2026-21428
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the writeheaders function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability allows attackers to add...
CLSA-2025-1756751473 squid: Fix of CVE-2023-46846
CVE-2023-46846: fix Request/Response chunk smuggling in HTTP/1.1 and ICAP...
DEBIAN-CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...
netty: possible request smuggling in HTTP/2 due missing validation
In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...
Httpdx v1.5.3 Remote Break Server HTTP
Exploit for windows platform in category dos / poc ====================================================================== httpdx v1.5.3 PNG File Handling Remote Denial of Service Vulnerability ====================================================================== Vulnerable: httpdx httpdx 1.5.3...
httpdx 1.5.3 - '.png' File Handling Remote Denial of Service
source: https://www.securityfocus.com/bid/38638/info The 'httpdx' program is prone to a denial-of-service vulnerbaility. Remote attackers can exploit this issue to cause the server to stop responding, denying service to legitimate users. This issue affects httpdx 1.5.3; other versions may also be...
EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable
MS06-042 Related Internet Explorer 'Crash' is Exploitable Date: August 22, 2006 Severity: High Systems Affected: Windows 2000 with IE6 SP1 and MS06-042 hotfix installed Windows XP SP1 with IE6 SP1 and MS06-042 hotfix installed Overview: On August 8th Microsoft released MS06-042 which was a...