19 matches found
OPENSUSE-SU-2026:20122-1 Security update for python-h2
This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737...
EUVD-2023-12835
Malicious code in bioql PyPI...
SUSE SLES15 Security Update : python-h2 (SUSE-SU-2025:03273-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03273-1 advisory. - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737 Tenable has extracted the preceding...
Security update for python-h2
This update for python-h2 fixes the following issues: CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-h2 (SUSE-SU-2025:03199-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03199-1 advisory. - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737 Tenable h...
SUSE-SU-2025:03199-1 Security update for python-h2
This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737...
Streams: component version with information disclosure flaw
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular...
The vulnerability in the implementation of the `rejectIllegalHeader` attribute in the Apache Tomcat application server allows an attacker to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the Apache Tomcat application server’s implementation of the rejectIllegalHeader attribute is related to deficiencies in the processing of HTTP requests containing the Content-Length header. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests...
GHSA-P22X-G9PX-3945 Apache Tomcat may reject request containing invalid Content-Length header
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a...
UBUNTU-CVE-2022-42252
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a...
Apache Tomcat environment issue vulnerability
Apache Tomcat is a lightweight Web application server from the Apache Foundation. The program implements support for Servlet and JavaServer Page (JSP). Apache Tomcat has an environment problem vulnerability that stems from the fact that Tomcat may have a request smuggling problem Request Smuggling...
GHSA-63CQ-PPQ8-CW6G Improper Input Validation in RESTEasy
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to...
OESA-2022-1483 resteasy security update
Framework for RESTful Web services and Java applications. Security Fixes: A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the...
Updated resteasy packages fix a security vulnerability
A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed (CVE-2020-1695)...
Improper Input Validation
resteasy-jaxrs is vulnerable to improper input validation. The attack exists because it does not properly handle the response headers in MediaTypeHeaderDelegate.java, leading to a return of an illegal header to be integrated in the server's response...
CVE-2020-1695
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to...
Input validation
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to...
CVE-2020-1695
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to...
CVE-2015-2080
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak...