9 matches found
Fedora 44 : perl-Starman (2026-5bb108e1b7)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5bb108e1b7 advisory. Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...
CVE-2026-40562
Gazelle for Perl (versions up to 0.49) is affected by HTTP Request Smuggling due to improper header precedence: Content-Length is prioritized over Transfer-Encoding: chunked when both headers are present, contravening RFC 7230 section 3.3.3. This can enable smuggling of requests via a front-end r...
CVE-2026-40562
Gazelle versions through 0.49 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
EUVD-2026-2737
H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...
Linux Distros Unpatched Vulnerability : CVE-2025-6442
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected...
PT-2023-4948 · Pypi +3 · Aiohttp +3
Name of the Vulnerable Software and Affected Versions: aiohttp versions 3.8.4 and earlier. Description: The issue is related to the handling of HTTP requests in aiohttp, which can lead to HTTP request smuggling when a crafted HTTP request is sent. This affects users of aiohttp as an HTTP server, b...
HTTP Request Smuggling
Overview: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process...
Red Hat Undertow Environment Issues Vulnerabilities
Red Hat Undertow is a Java-based embedded web server from Red Hat (U.S.) and is the default web server of the WildFly Java application server. An environment issue vulnerability exists in versions prior to Red Hat Undertow 2.1.1.Final. An attacker could exploit this vulnerability to cause HTTP requests...
netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...