UBUNTU-CVE-2024-11234

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

Apache Tomcat Input Validation Error Vulnerability (CNVD-2024-27498)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. Apache Tomcat has an input validation error vulnerability that stems from a failure to properly parse the HTTP tail header, whic...

Apache Tomcat 输入验证错误漏洞

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. Apache Tomcat has an input validation error vulnerability that stems from a failure to properly parse the HTTP tail header, whic...

AZL-45186 CVE-2023-25690 affecting package mod_http2 for versions less than 2.0.29-3

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

CVE-2020-11077

A flaw was found in rubygem-puma. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first...