Total
251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17569 | 6 Apache, Debian, Netapp and 3 more | 17 Tomcat, Tomee, Debian Linux and 14 more | 2024-11-21 | 4.8 Medium |
| The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. | ||||
| CVE-2019-17567 | 4 Apache, Fedoraproject, Oracle and 1 more | 6 Http Server, Fedora, Enterprise Manager Ops Center and 3 more | 2024-11-21 | 5.3 Medium |
| Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. | ||||
| CVE-2019-17565 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 9.8 Critical |
| There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | ||||
| CVE-2019-17559 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 9.8 Critical |
| There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | ||||
| CVE-2019-16869 | 4 Canonical, Debian, Netty and 1 more | 14 Ubuntu Linux, Debian Linux, Netty and 11 more | 2024-11-21 | 7.5 High |
| Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | ||||
| CVE-2019-16792 | 3 Agendaless, Debian, Oracle | 3 Waitress, Debian Linux, Communications Cloud Native Core Network Function Cloud Native Environment | 2024-11-21 | 7.1 High |
| Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0. | ||||
| CVE-2019-16789 | 5 Agendaless, Debian, Fedoraproject and 2 more | 6 Waitress, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.1 High |
| In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. | ||||
| CVE-2019-16786 | 5 Agendaless, Debian, Fedoraproject and 2 more | 6 Waitress, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.1 High |
| Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with: "Transfer-Encoding: gzip, chunked" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0. | ||||
| CVE-2019-16785 | 5 Agendaless, Debian, Fedoraproject and 2 more | 6 Waitress, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.1 High |
| Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0. | ||||
| CVE-2019-16276 | 6 Debian, Fedoraproject, Golang and 3 more | 11 Debian Linux, Fedora, Go and 8 more | 2024-11-21 | 7.5 High |
| Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | ||||
| CVE-2019-15605 | 6 Debian, Fedoraproject, Nodejs and 3 more | 16 Debian Linux, Fedora, Node.js and 13 more | 2024-11-21 | 9.8 Critical |
| HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | ||||
| CVE-2019-15272 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.5 Medium |
| A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system. | ||||
| CVE-2019-12781 | 4 Canonical, Debian, Djangoproject and 1 more | 6 Ubuntu Linux, Debian Linux, Django and 3 more | 2024-11-21 | N/A |
| An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. | ||||
| CVE-2019-1020012 | 1 Parseplatform | 1 Parse-server | 2024-11-21 | N/A |
| parse-server before 3.4.1 allows DoS after any POST to a volatile class. | ||||
| CVE-2019-0197 | 6 Apache, Canonical, Fedoraproject and 3 more | 12 Http Server, Ubuntu Linux, Fedora and 9 more | 2024-11-21 | 4.2 Medium |
| A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. | ||||
| CVE-2018-8004 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | N/A |
| There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | ||||
| CVE-2018-7068 | 1 Hp | 1 Centralview Fraud Risk Management | 2024-11-21 | N/A |
| HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | ||||
| CVE-2018-4030 | 1 Getcujo | 1 Smart Firewall | 2024-11-21 | 7.5 High |
| An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability. | ||||
| CVE-2018-3909 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 8.6 High |
| An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3908 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 7.5 High |
| An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability. | ||||