76 matches found
BIT-HAPROXY-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
CVE-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
CVE-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
CVE-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
JVN#88385716: HAProxy vulnerable to HTTP request/response smuggling
HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack CWE-444. Impact A remote attacker may...
CVE-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...
PT-2025-1529 · Ibm · Ibm Sterling File Gateway
Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.1 Description: The issue is related to an observable discrepancy in request responses, which could allow an authenticated user...
CVE-2024-23369
CVE-2024-23369 describes a memory corruption issue in Qualcomm chipsets triggered when an invalid length is provided for HLOS-facing FRS/UDS buffers. The root cause is a boundary/length handling defect that can affect the memory region when processing those buffers. The CVE is rated with CVSS v3....
CVE-2024-42342
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...
CVE-2024-42342
Loway QueueMetrics is affected by an HTTP request/response smuggling vulnerability (CWE-444). The linked documents identify the issue in QueueMetrics and cite version 22.11.6 as affected, describing it as an environmental issue vulnerability. No explicit fix/version is provided across the connect...
CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...
HTTP Request/Response Smuggling
Twisted is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to the HTTP 1.0 and 1.1 server provided by twisted.web which can process pipelined HTTP requests out-of-order...
UBUNTU-CVE-2024-35994
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes It turns out that while the QSEECOM APPSEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory...
RHEL 7 : haproxy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - haproxy: data leak via fcgi requests CVE-2023-0836 - An uncontrolled resource consumption vulnerability w...
Important: squid
Issue Overview: Due to chunked decoder lenience Squid is vulnerable to Request/Response smuggling attacks when parsing HTTP/1.1 and ICAP messages. CVE-2023-46846 Affected Packages: squid Issue Correction: Run yum update squid or yum update --advisory ALAS-2024-1933 to update your system. New...
CVE-2024-3323
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...
CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...
CVE-2024-3323
CVE-2024-3323 affects TIBCO JasperReports Server versions 8.0.4 and 8.2.0 (UI Request/Response Validation). The issue is a reflected Cross-Site Scripting vulnerability that allows injection of malicious scripts into a trusted app, potentially stealing a user’s active session cookie when a user cl...
CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...
chasquid HTTP Request/Response Smuggling vulnerability
chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted...