AIOHTTP has unicode match groups in regexes for ASCII protocol elements
Summary: The parser allows non-ASCII decimals to be present in the Range header. Impact: There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. Patch:...
Linux Distros Unpatched Vulnerability : CVE-2022-23959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x...
Linux Distros Unpatched Vulnerability : CVE-2025-22871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server ...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1585)
The remote host is missing an update for the Huawei EulerOS...
Linux Distros Unpatched Vulnerability : CVE-2023-40167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character preceding the...
PT-2023-8633
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.0-M10; Apache Tomcat versions 10.1.0-M1 through 10.1.15; Apache Tomcat versions 9.0.0-M1 through 9.0.82; Apache Tomcat versions 8.5.0 through 8.5.95. Description: The issue is related to an Improper Inp...
PT-2023-8839 · Aiohttp +5
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.8.6 Description: The HTTP parser in aiohttp has numerous problems with header parsing, which could lead to request smuggling. This issue is related to the handling of Content-Length values, improper handling of NUL...
httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling...