SUSE-SU-2025:20330-1 Security update for python-h11, python-httpcore

This update for python-h11, python-httpcore fixes the following issues: python-h11: - Update 0.16.0: CVE-2025-43859: Fixed accepting of malformed Chunked-Encoding bodies bsc1241872 - 0.15.0: Reject Content-Lengths = 1 zettabyte 1 billion terabytes early, without attempting to parse the integer 18...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-h11) security update

An update for python-h11 is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

h11 accepts some malformed Chunked-Encoding bodies

Impact A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. Details HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of: - chunk length - \r\n - leng...

Amazon Linux: Security Advisory (ALAS-2015-527)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service...

Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service...

Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service...

Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service...

Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service...

Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service...