GHSA-C67R-GC9J-2QF7 Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header

Summary Bandit is vulnerable to CL.CL HTTP request smuggling: it silently accepts requests with two Content-Length headers whose values differ, takes the first value, and dispatches the body bytes as a second pipelined request on the same keep-alive connection. RFC 9110 §5.3 prohibits multiple...

EUVD-2011-1717

Malware in sbrugna...

Design/Logic Flaw

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

Fedora 20 : php-5.5.22-1.fc20 (2015-2328)

19 Feb 2015, PHP 5.5.22 Core : - Fixed bug 67068 getClosure returns somethings that's not a closure. Danack at basereality dot com - Fixed bug 68925 Mitigation for CVE-2015-0235 ' GHOST: glibc gethostbyname buffer overflow. Stas - Fixed bug 68942 Use after free vulnerability in unserialize with...

Fedora 21 : php-5.6.6-1.fc21 (2015-2315)

19 Feb 2015, PHP 5.6.6 Core : - Removed support for multi-line headers, as the are deprecated by RFC 7230. Stas - Fixed bug 67068 getClosure returns somethings that's not a closure. Danack at basereality dot com - Fixed bug 68942 Use after free vulnerability in unserialize with DateTimeZone...

PHP < 5.3.11 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities : - During the import of environment variables, temporary changes to the 'magicquotesgpc' directive are not handled properly. This can...

CVE-2011-1718

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data...

CVE-2011-1718

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data...

CVE-2011-1718

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data...

CA20110420-01: Security Notice for CA SiteMinder

CA20110420-01: Security Notice for CA SiteMinder Issued: April 20, 2011 CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address...