7 matches found
CVE-2026-31870
A flaw was found in cpp-httplib. A remote attacker, acting as a malicious server or through a man-in-the-middle position, can send a specially crafted HTTP response with a malformed Content-Length header. This lack of input validation and exception handling causes the client application to crash,...
CVE-2026-31870 cpp-httplib Affected by Remote Process Crash via Malformed Content-Length Response Header
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...
CVE-2025-41706 Phoenix Contact: Webserver Denial of Service through Malformed Content-Length
The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality...
CVE-2023-0587
A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory...
haproxy: Proxy forwards malformed empty Content-Length headers
A flaw was found in HAProxy. Empty Content-Length headers are forwarded, which could cause an HTTP/1 server behind it to interpret the payload as an extra request. This may render the HTTP/1 server vulnerable to attacks in some uncommon cases...
CVE-2022-42252 Apache Tomcat request smuggling via malformed content-length
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...
Savant Web Server Malformed Content-Length DoS
The Savant web server on the remote host crashes when it receives an invalid GET HTTP request with a negative Content-Length field. A remote attacker can leverage this issue to disable the affected service. C Tenable Network Security, Inc. References: Date: Fri, 13 Sep 2002 19:55:05 +0000 From...