CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1161 matches found

Tenable Nessus•added 2024/04/29 12:0 a.m.•29 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-gunicorn (SUSE-SU-2024:1440-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1440-1 advisory. - Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS...

7.5CVSS7.5AI score0.02996EPSS

Exploits0References4

Tenable Nessus•added 2024/04/29 12:0 a.m.•25 views

Fedora 40 : rubygem-puma (2024-c393b8b2fb)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c393b8b2fb advisory. Automatic update for rubygem-puma-6.4.2-1.fc40. Changelog Tue Jan 9 2024 Vt Ondruch - 6.4.2-1 - Update to Puma 6.4.2. Resolves: rhbz2134670 Resolves...

9.8CVSS6.5AI score0.00958EPSS

Exploits0References3

RedHat Linux•added 2024/04/23 5:18 p.m.•0 views

rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies

A flaw was found in Puma rubygem. Versions prior 6.4.2 are susceptible to a HTTP smuggling attack when parsing chunked transfer encoding bodies on HTTP messages, which don't limit the size of the message chunk extensions. This issue may lead to uncontrolled resource consumption, possibly resultin...

7.5CVSS7.1AI score0.00958EPSS

Exploits0References5

SUSE CVE•added 2024/04/18 2:31 a.m.•1 views

SUSE CVE-2024-1135

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.4CVSS9.4AI score0.02996EPSS

Exploits0References5

OpenVAS•added 2024/04/18 12:0 a.m.•38 views

Gunicorn < 22.0.0 HTTP Request Smuggling Vulnerability

Gunicorn is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gunicorn:gunicorn"; ...

7.5CVSS6.9AI score0.02996EPSS

Exploits0References2

RedhatCVE•added 2024/04/17 1:2 p.m.•33 views

CVE-2024-1135

An HTTP Request Smuggling vulnerability was found in Gunicorn. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly...

7.5CVSS7.5AI score0.02996EPSS

Exploits0References6

Veracode•added 2024/04/16 10:41 a.m.•133 views

HTTP Request Smuggling (HRS)

gunicorn is vulnerable to HTTP Request Smuggling HRS. The vulnerability is due to improper processing of Transfer-Encoding headers by treating them as chunked regardless of the specified encoding , which allows attackers to bypass security restrictions and access restricted endpoints by crafting...

7.5CVSS6.9AI score0.02996EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2024/04/16 12:30 a.m.•137 views

Request smuggling leading to endpoint restriction bypass in Gunicorn

7.5CVSS7.4AI score0.02996EPSS

Exploits0References9Affected Software1

OSV•added 2024/04/16 12:30 a.m.•133 views

GHSA-W3H3-4RJ7-4PH4 Request smuggling leading to endpoint restriction bypass in Gunicorn

8.2CVSS7.2AI score0.02996EPSS

Exploits0References9

OSV•added 2024/04/16 12:15 a.m.•9 views

CVE-2024-1135

7.5AI score

Exploits0References3

NVD•added 2024/04/16 12:15 a.m.•27 views

CVE-2024-1135

7.5CVSS7.5AI score0.02996EPSS

Exploits0References3

OSV•added 2024/04/16 12:15 a.m.•1 views

DEBIAN-CVE-2024-1135

7.5CVSS7.6AI score0.02996EPSS

Exploits0References1

UbuntuCve•added 2024/04/16 12:15 a.m.•43 views

CVE-2024-1135

7.5CVSS7.1AI score0.02996EPSS

Exploits0References3

OSV•added 2024/04/16 12:15 a.m.•2 views

UBUNTU-CVE-2024-1135

7.5CVSS5.8AI score0.02996EPSS

Exploits0References4

Vulnrichment•added 2024/04/16 12:0 a.m.•41 views

CVE-2024-1135 HTTP Request Smuggling in benoitc/gunicorn

7.5CVSS6.8AI score0.02996EPSS

Exploits0References2

Cvelist•added 2024/04/16 12:0 a.m.•59 views

CVE-2024-1135 HTTP Request Smuggling in benoitc/gunicorn

7.5CVSS7.7AI score0.02996EPSS

Exploits0References2

Debian CVE•added 2024/04/16 12:0 a.m.•42 views

CVE-2024-1135

7.5CVSS7.9AI score0.02996EPSS

Exploits0

CVE•added 2024/04/16 12:0 a.m.•566 views

CVE-2024-1135

Summary of CVE-2024-1135 : A vulnerability in Gunicorn (Python WSGI HTTP Server) where Transfer-Encoding headers are not properly validated, allowing HTTP Request Smuggling (HRS). By crafting requests with multiple conflicting Transfer-Encoding headers, an attacker can cause the server to treat r...

7.5CVSS6.4AI score0.02996EPSS

Exploits0References3

CNNVD•added 2024/04/15 12:0 a.m.•2 views

Gunicorn 环境问题漏洞

Gunicorn is a Python web server gateway interface HTTP server from the Gunicorn open source. Gunicorn suffers from an environment issue vulnerability that stems from an inability to properly validate the Transfer-Encoding header, resulting in an HTTP Request Smuggling HRS attack...

7.5CVSS7.6AI score0.02996EPSS

Exploits0References7

BDU FSTEC•added 2024/03/20 12:0 a.m.•2 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in handling headers like Content-Length and Transfer-Encoding, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the aiohttp HTTP client is related to deficiencies in handling headers such as Content-Length and Transfer-Encoding. Exploiting this vulnerability allows an attacker to send hidden HTTP requests remotely HTTP Request Smuggling attack...

6.5CVSS6.3AI score0.0094EPSS

Exploits4References4Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by