Lucene search
K

76 matches found

OSV
OSV
added 2024/12/05 7:6 a.m.154 views

BIT-HAPROXY-2024-53008

Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...

5.3CVSS5AI score0.01043EPSS
Exploits0References7
NVD
NVD
added 2024/11/28 3:15 a.m.29 views

CVE-2024-53008

Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...

5.3CVSS0.01043EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/11/28 2:10 a.m.20 views

CVE-2024-53008

Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...

5.3CVSS0.01043EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/11/28 2:10 a.m.8 views

CVE-2024-53008

Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...

5.3CVSS5.3AI score0.01043EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/11/27 12:0 a.m.8 views

JVN#88385716: HAProxy vulnerable to HTTP request/response smuggling

HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack CWE-444. Impact A remote attacker may...

5.3CVSS6.8AI score0.01043EPSS
Exploits0
Cvelist
Cvelist
added 2024/11/18 11:36 a.m.41 views

CVE-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

0.02008EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.9 views

PT-2025-1529 · Ibm · Ibm Sterling File Gateway

Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.1 Description: The issue is related to an observable discrepancy in request responses, which could allow an authenticated user...

4.3CVSS7AI score0.00277EPSS
Exploits0References5
CVE
CVE
added 2024/10/07 12:58 p.m.58 views

CVE-2024-23369

CVE-2024-23369 describes a memory corruption issue in Qualcomm chipsets triggered when an invalid length is provided for HLOS-facing FRS/UDS buffers. The root cause is a boundary/length handling defect that can affect the memory region when processing those buffers. The CVE is rated with CVSS v3....

7.8CVSS7.9AI score0.0012EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/09/08 12:15 p.m.53 views

CVE-2024-42342

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...

4.3CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2024/09/08 11:58 a.m.57 views

CVE-2024-42342

Loway QueueMetrics is affected by an HTTP request/response smuggling vulnerability (CWE-444). The linked documents identify the issue in QueueMetrics and cite version 22.11.6 as affected, describing it as an environmental issue vulnerability. No explicit fix/version is provided across the connect...

4.3CVSS4.7AI score0.00264EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/08 11:58 a.m.66 views

CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...

4.3CVSS0.00264EPSS
Exploits0References1
Veracode
Veracode
added 2024/07/30 8:38 a.m.16 views

HTTP Request/Response Smuggling

Twisted is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to the HTTP 1.0 and 1.1 server provided by twisted.web which can process pipelined HTTP requests out-of-order...

8.3CVSS6.7AI score0.01755EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2024/05/20 10:15 a.m.1 views

UBUNTU-CVE-2024-35994

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes It turns out that while the QSEECOM APPSEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory...

5.5CVSS6.6AI score0.00183EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.38 views

RHEL 7 : haproxy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - haproxy: data leak via fcgi requests CVE-2023-0836 - An uncontrolled resource consumption vulnerability w...

7.8AI score0.02942EPSS
Exploits1References4
Amazon
Amazon
added 2024/04/29 12:0 a.m.37 views

Important: squid

Issue Overview: Due to chunked decoder lenience Squid is vulnerable to Request/Response smuggling attacks when parsing HTTP/1.1 and ICAP messages. CVE-2023-46846 Affected Packages: squid Issue Correction: Run yum update squid or yum update --advisory ALAS-2024-1933 to update your system. New...

9.3CVSS7.9AI score0.05255EPSS
Exploits0
NVD
NVD
added 2024/04/17 7:15 p.m.14 views

CVE-2024-3323

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...

8.3CVSS8.3AI score0.00436EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/17 6:53 p.m.10 views

CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...

8.3CVSS7AI score0.00436EPSS
Exploits0References1
CVE
CVE
added 2024/04/17 6:53 p.m.86 views

CVE-2024-3323

CVE-2024-3323 affects TIBCO JasperReports Server versions 8.0.4 and 8.2.0 (UI Request/Response Validation). The issue is a reflected Cross-Site Scripting vulnerability that allows injection of malicious scripts into a trusted app, potentially stealing a user’s active session cookie when a user cl...

8.3CVSS6.9AI score0.00436EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/17 6:53 p.m.22 views

CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...

8.3CVSS8.4AI score0.00436EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/01/22 6:30 a.m.21 views

chasquid HTTP Request/Response Smuggling vulnerability

chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted...

7.5CVSS6.9AI score0.00468EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder