CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1155 matches found

OSV•added 2020/02/21 6:55 p.m.•39 views

GHSA-FF2W-CQ2G-WV5F HTTP Request Smuggling in Netty

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace such as a spaceTransfer-Encoding:chunked line and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869...

7.5CVSS8.7AI score0.01498EPSS

Exploits1References21

Github Security Blog•added 2020/02/21 6:55 p.m.•203 views

HTTP Request Smuggling in Netty

7.5CVSS0.8AI score0.01498EPSS

Exploits1References22Affected Software1

OSV•added 2020/02/21 6:55 p.m.•4 views

GHSA-P2V9-G2QV-P635 HTTP Request Smuggling in Netty

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

9.1CVSS6.8AI score0.03562EPSS

Exploits1References57

RedHat Linux•added 2020/02/13 2:50 p.m.•5 views

netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...

9.1CVSS7.1AI score0.03562EPSS

Exploits1References4

RedHat Linux•added 2020/02/13 2:50 p.m.•3 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

7.5CVSS7.1AI score0.01498EPSS

Exploits1References5

Veracode•added 2020/02/10 8:28 a.m.•40 views

HTTP Request Smuggling

Node is vulnerable to HTTP request smuggling. Failure to validate malformed HTTP requests allows an attacker to smuggle HTTP requests using malicious Transfer-Encoding header...

9.8CVSS1AI score0.32252EPSS

Exploits0References25Affected Software4

OSV•added 2020/02/08 7:15 p.m.•2 views

AZL-78996 CVE-2015-5741 affecting package golang 1.25.7-1

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

9.8CVSS5.8AI score0.01751EPSS

Exploits0References1

OSV•added 2020/02/08 7:15 p.m.•0 views

UBUNTU-CVE-2015-5741

9.8CVSS6.8AI score0.01751EPSS

Exploits0References3

UbuntuCve•added 2020/02/08 7:15 p.m.•34 views

CVE-2015-5741

9.8CVSS6.9AI score0.01751EPSS

Exploits0References2

Cvelist•added 2020/02/08 6:2 p.m.•28 views

CVE-2015-5741

9.2AI score0.01751EPSS

Exploits0References7