Lucene search
+L

107 matches found

f5
f5
added 2023/02/21 6:48 p.m.366 views

K50375550: A specifically crafted HTTP request may lead the BIG-IP system to pass malformed HTTP requests to a target pool member web server (HTTP Desync Attack)

Security Advisory Description A specifically crafted HTTP request that contains Content-Length and Transfer-Encoding headers may lead the BIG-IP system to pass malformed HTTP requests to a target pool member web server. This issue occurs when the following condition is met: A virtual server...

6.7AI score
Exploits0
f5
f5
added 2023/02/21 6:35 p.m.59 views

K10420455: Python urllib and urllib2 library vulnerability CVE-2016-5699

Security Advisory Description CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython aka Python before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. CVE-2016-5699 Impact An attacker...

6.1CVSS7.9AI score0.10238EPSS
Exploits3Affected Software1
osv
osv
added 2023/02/07 9:39 a.m.19 views

SUSE-SU-2023:0294-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in modproxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body bsc1207251. - CVE-2022-36760: Fixed an issue in...

9CVSS7.2AI score0.57941EPSS
Exploits0References7
ubuntu
ubuntu
added 2023/02/01 1:9 p.m.172 views

USN-5839-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server moddav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2006-20001 ZeddYuLu discovered that the Apache HTTP Server modproxyajp...

9CVSS7.1AI score0.57941EPSS
Exploits0
osv
osv
added 2023/01/14 12:30 a.m.36 views

GHSA-FXG5-WQ6X-VR4W golang.org/x/net/http2/h2c vulnerable to request smuggling attack

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

7.5CVSS7.5AI score0.01814EPSS
Exploits1References7
nessus
nessus
added 2022/12/02 12:0 a.m.31 views

SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2022:4303-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4303-1 advisory. - CVE-2022-42252: Fixed a request smuggling bsc1204918. Tenable has extracted the preceding description block directly from the SUSE securit...

7.5CVSS6.8AI score0.01448EPSS
Exploits0References4
nessus
nessus
added 2022/11/02 12:0 a.m.271 views

Apache Tomcat 10.0.0.M1 < 10.0.27

The version of Tomcat installed on the remote host is prior to 10.0.27. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.0.27security-10 advisory. - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was...

7.5CVSS7AI score0.01448EPSS
Exploits0References3
osv
osv
added 2022/11/01 12:0 a.m.36 views

CVE-2022-42252 Apache Tomcat request smuggling via malformed content-length

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...

7.5CVSS6.7AI score0.01448EPSS
Exploits0References4
threatpost
threatpost
added 2022/08/15 1:56 p.m.112 views

Black Hat and DEF CON Roundup

There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to learn, network, hack and have fun. The week even included a rare Las Vegas fla...

7AI score
Exploits0References14
osv
osv
added 2022/08/10 6:15 a.m.3 views

UBUNTU-CVE-2022-25763

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5CVSS5.8AI score0.01641EPSS
Exploits0References3
ubuntu
ubuntu
added 2022/06/23 8:19 p.m.248 views

USN-5487-3: Apache HTTP Server regression

USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different...

9.8CVSS8.3AI score0.90407EPSS
Exploits2References2
ubuntu
ubuntu
added 2022/06/21 1:12 p.m.183 views

USN-5487-1: Apache HTTP Server vulnerabilities

It was discovered that Apache HTTP Server modproxyajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2022-26377 It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker...

9.8CVSS8.3AI score0.90407EPSS
Exploits2
prion
prion
added 2022/02/09 8:15 p.m.20 views

Design/Logic Flaw

An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet...

5CVSS7.5AI score0.03552EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2021/09/30 12:0 a.m.20 views

SUSE SLES15 Security Update : haproxy (SUSE-SU-2021:3258-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:3258-1 advisory. - CVE-2021-40346: Fixed request smuggling vulnerability in HTX bsc1189877. Tenable has extracted the preceding description block directly from the SUSE...

7.5CVSS7.4AI score0.57934EPSS
Exploits6References4
bdu_fstec
bdu_fstec
added 2021/07/20 12:0 a.m.10 views

The vulnerability of the Apache Tomcat application server, related to deficiencies in HTTP request processing, allows attackers to send hidden HTTP requests.

The vulnerability of the Apache Tomcat application server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely HTTP Request Smuggling attack...

5.3CVSS6.8AI score0.75353EPSS
Exploits1References10Affected Software7
osv
osv
added 2021/06/18 6:31 p.m.15 views

GHSA-WM2M-XRRP-J74C HTTP Request Smuggling in netius

netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks...

6.1CVSS6.2AI score0.00811EPSS
Exploits0References6
openvas
openvas
added 2021/03/05 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-1450)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.03849EPSS
Exploits0References2
nessus
nessus
added 2021/01/14 12:0 a.m.34 views

Amazon Linux AMI : ruby20 (ALAS-2021-1468)

The version of ruby20 installed on the remote host is prior to 2.0.0.648-2.39. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1468 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server...

7.5CVSS7.4AI score0.03849EPSS
Exploits0References3
qualysblog
qualysblog
added 2020/10/02 6:5 p.m.31 views

Detecting HTTP Request Smuggling with Qualys WAS

HTTP Request Smuggling HRS is a web application vulnerability that enables an attacker to craft a single request that hides a second request within the body of the first request. HRS enables the following types of attack: Web cache poisoning Web cache deception Session hijacking Cross-site...

6.9AI score
Exploits0
ubuntu
ubuntu
added 2020/08/27 5:13 p.m.88 views

USN-4477-1: Squid vulnerabilities

Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. CVE-2020-15810 Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker...

8.6CVSS6.9AI score0.05162EPSS
Exploits0
Rows per page
Query Builder