Lucene search
+L

5 matches found

OSV
OSV
added 2026/06/02 2:15 p.m.4 views

CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS6.1AI score0.00166EPSS
Exploits0References10
NVD
NVD
added 2026/05/06 10:16 p.m.26 views

CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS0.00307EPSS
Exploits1References1
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.21 views

K63312282: BIG-IP LTM HTTP/2 desync attacks: request line injection

Security Advisory Description Multiple desync attacks have been discovered. For more information refer to the following related articles: K27144609: Overview of HTTP/2 desync attacks K30341203: BIG-IP LTM and NGINX are not exposed to certain desync attacks K97045220: BIG-IP LTM HTTP/2 desync...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2021/11/04 1:39 p.m.153 views

Internet Bug Bounty: Request line injection via HTTP/2 in Apache mod_proxy

I've written this issue up fully here: https://portswigger.net/research/http2request In case it's useful, here's the original report as sent to Apache: I'd like to report a vulnerability in Apache modproxy when used with HTTP/2 enabled. It fails to reject HTTP requests that contain spaces in the...

5CVSS8.1AI score0.46179EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2016/12/01 12:0 a.m.207 views

Apache Tomcat 8.5.0 < 8.5.8 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.8. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.8security-8 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39...

9.8CVSS7.3AI score0.90338EPSS
Exploits8References8
Rows per page
Query Builder