Lucene search
Veracode Vulnerability DatabaseVERACODE:42608HistoryAug 07, 2023 - 10:02 a.m.
HTTP Request Smuggling
2023-08-0710:02:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
vulnerability
http request smuggling
protocol-http1
improper implementation
content-length header
firewall bypassing
0.001 Low
EPSS
Percentile
27.6%
protocol-http1 is vulnerable to HTTP Request Smuggling. The vulnerability exists in the read function of chunked.rb due to improper HTTP/1 implementation based on the RFC spec, such as allowing Content-Length header values with a + or 0x prefix, which can lead to HTTP request smuggling and firewall bypassing.
| CPE | Name | Operator | Version |
|---|---|---|---|
| protocol-http1 | le | 0.15.0 | |
| protocol-http1 | le | 0.15.0 |
References
Related
nessus
nessus
CBL Mariner 2.0 Security Update: rubygem-protocol-http1 (CVE-2023-38697)
2023-08-31 00:00:00
redhatcve
redhatcve
CVE-2023-38697
2023-08-05 15:48:44
ubuntucve
ubuntucve
CVE-2023-38697
2023-08-04 00:00:00
osv
osv
CVE-2023-38697
2023-08-04 18:15:15
protocol-http1 HTTP Request/Response Smuggling vulnerability
2023-08-03 16:36:34
cbl_mariner
cbl_mariner
prion
prion
Design/Logic Flaw
2023-08-04 18:15:00
debiancve
debiancve
CVE-2023-38697
2023-08-04 18:15:15
cvelist
cvelist
CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability
2023-08-04 17:32:51
github
github
protocol-http1 HTTP Request/Response Smuggling vulnerability
2023-08-03 16:36:34
cve
cve
CVE-2023-38697
2023-08-04 18:15:15
