-
# Overview
[goliath](https://rubygems.org/gems/goliath) is an async framework for writing API servers.
Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining iss…
-
CL.TE :
```yaml
id: CL-TE-http-smuggling

info:
  name: HTTP request smuggling, basic CL.TE vulnerability
  author: pdteam, akincibor
  severity: Low

requests:
  - raw:
      - |+
…
```
-
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header.
**Steps to r…
-
### **Nuclei version:**
3.2.9
### **Current Behavior:**
While creating a template for TE.CL and CL.TE HTTP request smuggling, and proxying it through Burp to get an idea on how Nuclei treats t…
-
> HTTP Request smuggling through malformed Transfer Encoding headers
| Details | |
| ------------------- | --------------------------------…
-
Version: Deno 2.0.0
I made a quick and simple standards test and found that Deno does not properly check for Content-Length vs. Transfer-Encoding. It must close the connection with error if both he…
-
libsoup security update
Severity: important
Description
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: infinite loop while reading webso…
-
**Description**
If Apache Tomcat 8.5.0 through 8.5.82, 9.0.0-M1 through 9.0.67, 10.0.0-M1 through 10.0.26 and 10.1.0-M1 through 10.1.0 was configured to ignore invalid HTTP headers via setting "re…
-
**Poor parsing of content-length header in httpdaemon will lead to http request smuggling**
[RFC security considerations](https://datatracker.ietf.org/doc/html/rfc7230#section-9.5)
Libwwwperl pa…
-
The following 2 facts allow for request smuggling through LiteSpeed proxies to LiteSpeed[^1], H2O, Libevent, and Mongoose backends.
[^1]: This is cool! Typically, request smuggling vulnerabilities …