Lucene search
K

26 matches found

Nuclei
Nuclei
added yesterday50 views

Apache Tomcat - HTTP Request Smuggling

Apache Tomcat from versions 8.5.0 to 8.5.93, 9.0.0-M1 to 9.0.81, 10.1.0-M1 to 10.1.13, and 11.0.0-M1 to 11.0.0-M11 contain an improper input validation caused by incorrect parsing of HTTP trailer headers, letting attackers craft headers to cause request smuggling, exploit requires sending malicio...

5.3CVSS6.7AI score0.05848EPSS
Exploits2References3
CVE
CVE
added 2 days ago7 views

CVE-2026-12606

CVE-2026-12606 affects Eclipse Grizzly prior to 5.0.2. The issue is in parsing the trailer section of malformed trailer headers, which can be exploited to perform HTTP request smuggling. Affected component: Grizzly HTTP parsing logic. Root cause: improper handling of trailer headers in malformed ...

6.3CVSS6.1AI score0.00267EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43641

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS6.1AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago23 views

CVE-2026-12606

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-57984

Name of the Vulnerable Software and Affected Versions Eclipse Grizzly versions prior to 5.0.2 Description An issue exists where the software cannot properly parse the trailer section in a malformed trailer header line. This flaw can be leveraged to perform HTTP request smuggling, a technique used...

6.3CVSS6.1AI score0.00267EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Tomcat9

There is a vulnerability related to improper input validation in Apache Tomcat. In versions of Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95, HTTP trailer headers were not parsed correctly. A trailer header th...

7.5CVSS6.9AI score0.02651EPSS
Exploits0References1
Veracode
Veracode
added 2025/11/06 6:36 a.m.8 views

HTTP Request Smuggling

Http4s is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of the HTTP trailer section, which allows an attacker—when the app is deployed behind a reverse proxy that forwards trailer headers—to bypass front-end security controls, target active users, and poison...

7.5CVSS6.9AI score0.00346EPSS
Exploits1References4Affected Software3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1607

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01594EPSS
Exploits0References6
Snyk
Snyk
added 2025/09/23 5:37 p.m.7 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

7.5CVSS6.6AI score0.00346EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/23 5:37 p.m.4 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

7.5CVSS6.6AI score0.00346EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/23 5:37 p.m.6 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

7.5CVSS6.6AI score0.00346EPSS
Exploits1References2
OSV
OSV
added 2024/11/22 2:23 p.m.10 views

OESA-2024-2460 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

8.6CVSS6.8AI score0.99999EPSS
Exploits21References9
OSV
OSV
added 2024/11/15 12:20 p.m.11 views

OESA-2024-2405 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

8.6CVSS6.8AI score0.99999EPSS
Exploits20References8
OSV
OSV
added 2024/11/15 12:20 p.m.12 views

OESA-2024-2404 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

8.6CVSS6.8AI score0.99999EPSS
Exploits20References8
OSV
OSV
added 2024/11/15 12:20 p.m.12 views

OESA-2024-2403 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

8.6CVSS6.8AI score0.99999EPSS
Exploits20References8
OSV
OSV
added 2024/11/15 12:19 p.m.8 views

OESA-2024-2402 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

8.6CVSS6.8AI score0.99999EPSS
Exploits20References8
OSV
OSV
added 2024/09/24 8:19 p.m.5 views

USN-7032-1 tomcat8, tomcat9 vulnerability

It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling...

7.5CVSS6.7AI score0.02651EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/03/05 8:19 a.m.3 views

tomcat: HTTP request smuggling via malformed trailer headers

An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...

7.5CVSS6.8AI score0.02651EPSS
Exploits0References6
OSV
OSV
added 2024/02/14 2:2 p.m.12 views

SUSE-SU-2024:0472-1 Security update for tomcat

This update for tomcat fixes the following issues: Updated to Tomcat 9.0.85: - CVE-2023-45648: Improve trailer header parsing bsc1216118. - CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows bsc1216120. - CVE-2023-42795: Improve handling of failures during recycle methods...

7.8CVSS6.7AI score0.05848EPSS
Exploits2References13
Amazon
Amazon
added 2024/01/08 12:0 a.m.4 views

Medium: tomcat9

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...

7.5CVSS9.1AI score0.02651EPSS
Exploits0
Rows per page
Query Builder