h11 accepts some malformed Chunked-Encoding bodies
Impact: A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. Details: HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of: - chunk length - \r\n - leng...
HTTP Request Smuggling
bottle is vulnerable to HTTP request smuggling. An attacker is able to send a malicious request containing a separate query parameter using a semicolon ;, resulting in unexpected interpretations of the request between the proxy and the server, and potentially poisoning the web cache...
CVE-2017-2666
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...
PT-2018-3343 · Apache · Apache Netbeans
Name of the Vulnerable Software and Affected Versions: Apache NetBeans versions 9.0
Description: The issue is related to the Proxy Auto-Configuration (PAC) file in the Apache NetBeans development environment, which fails to neutralize script code in attributes on a web page. This can allow a remote...