16 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2015-5686

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.04273
Exploits: 0 | References: 12

Veracode
added 2025/05/16 8:33 a.m. | 5 views

Cross-Site Request Forgery (CSRF)

github.com/justinas/nosurf is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to misuse of the Go net/http library, which causes nosurf to treat all incoming requests as plain-text HTTP. As a result, it fails to verify that the Referer header is from the same origin,...

CVSS 6.1 | AI score 6.8 | EPSS 0.00044
Exploits: 2 | References: 7 | Affected Software: 1

Microsoft CVE
added 2023/10/23 7:0 a.m. | 2 views

HTTP/2 rapid reset can cause excessive work in net/http

...

CVSS 7.5 | AI score 7 | EPSS 0.0015
Exploits: 0

SUSE CVE
added 2023/02/15 5:15 a.m. | 1 views

SUSE CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers...

CVSS 9.8 | AI score 9.2 | EPSS 0.04273
Exploits: 0 | References: 3

RedHat Linux
added 2022/03/10 2:59 p.m. | 0 views

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

CVSS 7.5 | AI score 7.2 | EPSS 0.00088
Exploits: 0 | References: 5

Prion
added 2020/02/08 7:15 p.m. | 17 views

Design/Logic Flaw

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

CVSS 7.5 | AI score 6.9 | EPSS 0.01751
Exploits: 0 | References: 7 | Affected Software: 3

UbuntuCve
added 2020/02/08 7:15 p.m. | 31 views

CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

CVSS 9.8 | AI score 6.9 | EPSS 0.01751
Exploits: 0 | References: 2

CVE
added 2020/02/08 6:2 p.m. | 219 views

CVE-2015-5741

CVE-2015-5741 : The Go net/http implementation (net/http/transfer.go) before 1.4.3 fails to correctly parse HTTP headers, enabling remote attackers to perform HTTP request smuggling via requests containing both Content-Length and Transfer-Encoding. This is documented across multiple sources in th...

CVSS 9.8 | AI score 9 | EPSS 0.01751
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2020/02/08 6:2 p.m. | 24 views

CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

AI score 9.2 | EPSS 0.01751
Exploits: 0 | References: 7

IBM Security Bulletins
added 2019/09/04 10:55 a.m. | 54 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerabilities (CVE-2019-9512, CVE-2019-9514)

Summary IBM Cloud Kubernetes Service is affected by security vulnerabilities in the net/http library of the Go language that affects all Kubernetes components. These vulnerabilities can result in a denial-of-service attack against a process with an HTTP or HTTPS listener CVE-2019-9512 and...

CVSS 7.8 | AI score 0.2 | EPSS 0.50822
Exploits: 1 | Affected Software: 1

UbuntuCve
added 2017/10/18 8:29 p.m. | 31 views

CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."...

CVSS 9.8 | AI score 6.9 | EPSS 0.11884
Exploits: 0 | References: 2

NVD
added 2017/10/18 8:29 p.m. | 21 views

CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."...

CVSS 9.8 | AI score 9.3 | EPSS 0.11884
Exploits: 0 | References: 9

UbuntuCve
added 2017/10/18 8:29 p.m. | 26 views

CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers...

CVSS 9.8 | AI score 6.9 | EPSS 0.04273
Exploits: 0 | References: 2

Cvelist
added 2017/10/18 8:0 p.m. | 23 views

CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers...

AI score 9.2 | EPSS 0.04273
Exploits: 0 | References: 8

RedHat Linux
added 2016/08/02 6:20 p.m. | 1 views

golang: HTTP request smuggling in net/http library

HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error; the second field is ignored, and invalid fields are parsed as valid, for example, "Content Length:" with a space in the...

CVSS 9.8 | AI score 7.3 | EPSS 0.01751
Exploits: 0 | References: 4

OpenVAS
added 2015/09/08 12:0 a.m. | 25 views

Amazon Linux: Security Advisory (ALAS-2015-588)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.11884
Exploits: 0 | References: 4