CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1155 matches found

OSV•added 2020/02/28 1:10 a.m.•1 views

GHSA-767J-JFH2-JVRC Potential HTTP request smuggling in Apache Tomcat

The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...

4.8CVSS7.2AI score0.06163EPSS

Exploits0References12

Tenable Nessus•added 2020/02/28 12:0 a.m.•80 views

Apache Tomcat 7.0.x < 7.0.100 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 or 7.0.0 to 7.0.99. It is, therefore, affected by multiple vulnerabilities : - An arbitrary file read vulnerability in AJP protocol due to an implementation defect which could also be leveraged to...

9.8CVSS6.5AI score0.94469EPSS

Exploits44References4

Tenable Nessus•added 2020/02/26 12:0 a.m.•45 views

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0454-1)

This update for nodejs8 fixes the following issues : Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

9.8CVSS7.3AI score0.32252EPSS

Exploits2References10

RedHat Linux•added 2020/02/25 5:35 p.m.•3 views

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

9.1CVSS7.1AI score0.03562EPSS

Exploits1References4

RedHat Linux•added 2020/02/25 5:35 p.m.•2 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

7.5CVSS7.1AI score0.01498EPSS

Exploits1References5

RedHat Linux•added 2020/02/25 5:27 p.m.•3 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

7.5CVSS7.1AI score0.01498EPSS

Exploits1References5

RedHat Linux•added 2020/02/25 5:27 p.m.•2 views

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

9.1CVSS7.1AI score0.03562EPSS

Exploits1References4

RedHat Linux•added 2020/02/25 3:56 p.m.•4 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

9.8CVSS7.2AI score0.32252EPSS

Exploits0References5

RedHat Linux•added 2020/02/25 3:32 p.m.•1 views

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

9.1CVSS7.1AI score0.03562EPSS

Exploits1References4

RedHat Linux•added 2020/02/25 3:32 p.m.•3 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

7.5CVSS7.1AI score0.01498EPSS

Exploits1References5

RedHat Linux•added 2020/02/25 1:42 p.m.•2 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

9.8CVSS7.2AI score0.32252EPSS

Exploits0References5

RedHat Linux•added 2020/02/25 1:7 p.m.•3 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

9.8CVSS7.2AI score0.32252EPSS

Exploits0References5

RedHat Linux•added 2020/02/25 8:39 a.m.•1 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

9.8CVSS7.2AI score0.32252EPSS

Exploits0References5

Veracode•added 2020/02/25 7:52 a.m.•41 views

HTTP Request Smuggling

tomcat-coyote is vulnerable to HTTP request smuggling. The vulnerability exists due to mishandling of incorrect transfer encoding headers introduced by a regression if server is placed after a reverse proxy...

4.8CVSS1.2AI score0.06163EPSS

Exploits0References14Affected Software2

RedhatCVE•added 2020/02/25 6:40 a.m.•53 views

CVE-2020-1935

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

5.8CVSS7.6AI score0.01382EPSS

Exploits0References6

OSV•added 2020/02/24 10:15 p.m.•1 views

DEBIAN-CVE-2019-17569

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located...

4.8CVSS7.3AI score0.06163EPSS

Exploits0References1

OSV•added 2020/02/24 10:15 p.m.•1 views

DEBIAN-CVE-2020-1935

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

5.8CVSS7.3AI score0.01382EPSS

Exploits0References1