19 matches found
Moderate Photon OS Security Update - PHSA-2024-4.0-0713
Updates of 'rubygem-protocol-http1' packages of Photon OS have been released...
Moderate Photon OS Security Update - PHSA-2024-5.0-0405
Updates of 'linux', 'linux-esx', 'rubygem-protocol-http1' packages of Photon OS have been released...
CBL Mariner 2.0 Security Update: rubygem-protocol-http1 (CVE-2023-38697)
The version of rubygem-protocol-http1 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38697 advisory. - protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section...
CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1
CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1. An upgraded version of the package is available that resolves this issue...
HTTP Request Smuggling
protocol-http1 is vulnerable to HTTP Request Smuggling. The vulnerability exists in the read function of chunked.rb due to improper HTTP/1 implementation based on the RFC spec, such as allowing Content-Length header values with a + or 0x prefix, which can lead to HTTP request smuggling and firewa...
CVE-2023-38697
A flaw was found in the protocol-http1 rubygem package. The protocol-http1 provides a low-level implementation of the HTTP/1 protocol. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing...
DEBIAN-CVE-2023-38697
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
UBUNTU-CVE-2023-38697
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
Design/Logic Flaw
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697
The CVE-2023-38697 entry concerns protocol-http1 (HTTP/1) parsing: Falcon’s RFC-compliant checks on Content-Length and chunk size can be bypassed by accepting +, 0x prefixes, and LF in chunk extensions, causing desynchronization across HTTP parsers and enabling HTTP request smuggling or firewall ...
CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
protocol-http1 HTTP Request/Response Smuggling vulnerability
Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper RFC implementation. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. Remediation Upgrade...
protocol-http1 HTTP Request/Response Smuggling vulnerability
Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...
PT-2023-4258
Name of the Vulnerable Software and Affected Versions protocol-http1 versions prior to 0.15.1 Description The issue is related to the implementation of the HTTP/1 protocol in protocol-http1, specifically with the handling of HTTP requests. The problem arises from the acceptance of non-standard...