Node.js: HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding

Summary: The llhttp parser in the http module in Node v17.8.0 does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. Description: After 1501679, I did a bit more digging into the issue, and found that there were more flaws in the parsing of...

Node.js: HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

Summary: The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. Description: When Node receives the following request: http GET / HTTP/1.1 Transfer-Encoding: chunked , identity 1 a 0 it...

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

The vulnerabilities of the Transfer-Encoding and Content-Length headers in the Netty network programming framework, related to deficiencies in HTTP request interpretation, allow attackers to compromise data integrity.

The vulnerability of the Transfer-Encoding and Content-Length headers in the Netty network programming framework is related to a lack of proper interpretation of HTTP requests. Exploiting this vulnerability allows an attacker to compromise the integrity of data...

CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability...

HTTP Request Smuggling

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request tha...

GO-2021-0159 Request smuggling due to improper header parsing in net/http

HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

FreeBSD : routinator -- multiple vulnerabilities (9c990e67-6e30-11ec-82db-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c990e67-6e30-11ec-82db-b42e991fc52e advisory. - NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of...

tomcat: HTTP request smuggling when used with a reverse proxy

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

tomcat: HTTP request smuggling when used with a reverse proxy

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:1490-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1490-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to...

openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:3672-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3672-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to...

SUSE SLES15 Security Update : tomcat (SUSE-SU-2021:3670-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3670-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/o...

Input validation

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

CVE-2021-43174 gzip transfer encoding caused out-of-memory crash

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

CVE-2021-43174

CVE-2021-43174 affects NLnet Labs Routinator 0.9.0 up to and including 0.10.1. The issue arises when querying RRDP repositories that use gzip transfer encoding: RRDP’s XML data can include large amounts of whitespace, and gzip compression can massively shrink this whitespace, causing decompressed...

CVE-2021-43174

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

Apache Traffic Server (ATS) 8.0.0 < 8.1.3, 9.0.0 < 9.1.1 Multiple Vulnerabilities

Apache Traffic Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:trafficserver"...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2021:3602-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3602-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/o...