Total
195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33056 | 1 Linphone | 1 Belle-sip | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. | |||||
| CVE-2021-34559 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. | |||||
| CVE-2021-31922 | 1 Pulsesecure | 1 Virtual Traffic Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. | |||||
| CVE-2021-32565 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | |||||
| CVE-2021-32715 | 1 Hyper | 1 Hyper | 2024-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
| hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such `Content-Length` headers, but forwards them, can result in "request smuggling" or "desync attacks". The flaw exists in all prior versions of hyper prior to 0.14.10, if built with `rustc` v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the `Content-Length` header or ensure any upstream proxy handles `Content-Length` headers with a plus sign prefix. | |||||
| CVE-2021-30180 | 1 Apache | 1 Dubbo | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors. | |||||
| CVE-2021-27577 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | |||||
| CVE-2021-36740 | 5 Debian, Fedoraproject, Varnish-cache and 2 more | 5 Debian Linux, Fedora, Varnish Cache and 2 more | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8. | |||||
| CVE-2021-32598 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | |||||
| CVE-2020-26129 | 1 Jetbrains | 1 Ktor | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. | |||||
| CVE-2020-10687 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on and 1 more | 2024-02-04 | 5.8 MEDIUM | 4.8 MEDIUM |
| A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. | |||||
| CVE-2020-28361 | 1 Kamailio | 1 Kamailio | 2024-02-04 | 5.5 MEDIUM | 5.4 MEDIUM |
| Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue. | |||||
| CVE-2021-22293 | 1 Huawei | 4 Campusinsight, Manageone, Taurus-al00a and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1). | |||||
| CVE-2020-25097 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Cloud Manager and 1 more | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. | |||||
| CVE-2020-4896 | 1 Ibm | 1 Emptoris Sourcing | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987. | |||||
| CVE-2020-8287 | 5 Debian, Fedoraproject, Nodejs and 2 more | 5 Debian Linux, Fedora, Node.js and 2 more | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. | |||||
| CVE-2021-20220 | 2 Netapp, Redhat | 3 Active Iq Unified Manager, Oncommand Workflow Automation, Undertow | 2024-02-04 | 5.8 MEDIUM | 4.8 MEDIUM |
| A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-23336 | 6 Debian, Djangoproject, Fedoraproject and 3 more | 12 Debian Linux, Django, Fedora and 9 more | 2024-02-04 | 4.0 MEDIUM | 5.9 MEDIUM |
| The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | |||||
| CVE-2020-17509 | 1 Apache | 1 Traffic Server | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. | |||||
| CVE-2020-25613 | 2 Fedoraproject, Ruby-lang | 3 Fedora, Ruby, Webrick | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. | |||||