Lucene search
K

201 matches found

RedHat Linux
RedHat Linux
added 2026/06/10 8:25 p.m.9 views

undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminator

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.4AI score0.00706EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-28367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request...

9.1CVSS5.5AI score0.00706EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/27 6:31 p.m.5 views

EUVD-2026-16694

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS5.8AI score0.00706EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 6:31 p.m.8 views

HTTP Request Smuggling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via the proxy server. An attacker can gain unauthorized access or manipulate web requests by sending specially crafted header block...

9.1CVSS5.3AI score0.00706EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/27 6:31 p.m.6 views

Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.8AI score0.00706EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/27 6:31 p.m.4 views

GHSA-3GV6-G396-9V4R Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS5.8AI score0.00706EPSS
Exploits0References6
NVD
NVD
added 2026/03/27 5:16 p.m.6 views

CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS0.00706EPSS
Exploits0References4
OSV
OSV
added 2026/03/27 5:16 p.m.7 views

DEBIAN-CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.5AI score0.00706EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/27 5:16 p.m.7 views

CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.8AI score0.00706EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 5:16 p.m.7 views

UBUNTU-CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.7AI score0.00706EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 4:13 p.m.3 views

CVE-2026-28367 Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS5.8AI score0.00706EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:13 p.m.4 views

CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS5.8AI score0.00706EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/27 4:13 p.m.7 views

CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.4AI score0.00706EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.11 views

PT-2026-28376

Name of the Vulnerable Software and Affected Versions Undertow affected versions not specified Description A flaw exists in Undertow that allows a remote attacker to exploit the software by sending rrr as a header block terminator. This can be used for request smuggling with certain proxy servers...

9.1CVSS5.9AI score0.00706EPSS
Exploits0References17
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.12 views

Squid 安全漏洞

Squid is a set of open-source proxy servers and web caching servers developed by Squid. This software provides features such as caching the World Wide Web, filtering traffic, and proxy access. Prior to Squid 7.5, there were security vulnerabilities. These vulnerabilities stemmed from premature...

8.7CVSS6AI score0.08931EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.16 views

CVE-2025-23289

NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure...

5.5CVSS5.9AI score0.00129EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.5 views

Blitz Panel 安全漏洞

Blitz Panel is a comprehensive administration panel for proxy servers by Whispering Wind Personal Developers. A security vulnerability exists in Blitz Panel version 1.17.0, which stems from an open redirection in the nexturl parameter in the login endpoint that could lead to phishing attacks or...

6.5CVSS6.7AI score0.00161EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/10/08 12:0 a.m.3 views

The vulnerability of proxy servers with advanced web content filtering functions like Privoxy arises from insufficient validation of input data, allowing attackers to trigger service interruptions.

The vulnerability of a proxy server with extended filtering functions for web content, such as Privoxy, is related to insufficient validation of input data in the geturlspecparam function. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.8CVSS7.1AI score0.01302EPSS
Exploits0References6Affected Software4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-2783

Malware in sbrugna...

2.6CVSS8.9AI score0.01766EPSS
Exploits0References59
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-3234

Malware in sbrugna...

5CVSS8.5AI score0.07538EPSS
Exploits0References18
Rows per page
Query Builder