6 matches found
HTTP Request Smuggling
h11 is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper input validation in lenient parsing of line terminators in chunked transfer encoding, which can be exploited when combined with a misconfigured proxy...
CVE-2023-49792 Bruteforce protection can be bypassed with misconfigured proxy
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a reverse proxy is configured as truste...
Bruteforce protection can be bypassed with misconfigured proxy
None...
Mail.ru: [my.games, lootdog.io] XSS via MCS Bucket
The proxy pass for the path in the my.games and lootdog.io domains was misconfigured to point to the root of public S3 storage, allowing static content to be placed in the domain path and leading to a possible XSS...
tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...
PT-2020-3259
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.0 through 7.0.99; Apache Tomcat versions 8.5.0 through 8.5.50; Apache Tomcat versions 9.0.0.M1 through 9.0.30. Description: The issue is related to the HTTP header parsing code, which used an approach to end-of-line...