1155 matches found
DEBIAN-CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
Cross site request forgery (csrf)
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
UBUNTU-CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
CVE-2021-33037 Incorrect Transfer-Encoding handling with HTTP/1.0
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
CVE-2021-33037
CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...
DEBIAN-CVE-2021-32714
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...
CVE-2021-32714
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...
CVE-2021-32714 Integer Overflow in Chunked Transfer-Encoding
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...
RUSTSEC-2021-0079 Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss
When decoding chunk sizes that are too large, hyper's code would encounter an integer overflow. Depending on the situation, this could lead to data loss from an incorrect total size, or in rarer cases, a request smuggling attack. To be vulnerable, you must be using hyper for any HTTP/1 purpose,...
Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss
When decoding chunk sizes that are too large, hyper's code would encounter an integer overflow. Depending on the situation, this could lead to data loss from an incorrect total size, or in rarer cases, a request smuggling attack. To be vulnerable, you must be using hyper for any HTTP/1 purpose,...
ruby: Potential HTTP request smuggling in WEBrick
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...
ruby: Potential HTTP request smuggling in WEBrick
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...
ruby: Potential HTTP request smuggling in WEBrick
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...
HTTP Request Smuggling in netius
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks...
Fixed in Apache Tomcat 10.0.7
Important: Request Smuggling CVE-2021-33037 Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility of request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored the transfer-encoding header i...
PT-2021-3586
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 8.5.0 through 8.5.66 Apache Tomcat versions 9.0.0.M1 through 9.0.46 Apache Tomcat versions 10.0.0-M1 through 10.0.6 Description The issue is related to the incorrect parsing of the HTTP transfer-encoding request header i...
Fixed in Apache Tomcat 8.5.68
Note: The issue below was fixed in Apache Tomcat 8.5.67 but the release vote for the 8.5.67 release candidate did not pass. Therefore, although users must download 8.5.68 to obtain a version that includes a fix for this issue, version 8.5.67 is not included in the list of affected versions...