2 matches found
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
The vulnerability of Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure, related to the failure to handle CRLF sequences properly, allows a violator to execute arbitrary code.
The vulnerability of Ivanti Connect Secure previously known as Pulse Connect Secure and Ivanti Policy Secure lies in the lack of measures to neutralize CRLF sequences. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges by...