CWE:
 

Title
Date
Author
Low
Citrix Gateway 11.1 / 12.0 / 12.1 Cache Bypass
09.03.2020
Micha Borrmann


Common Weakness Enumeration (CWE)

CVE
Details
Description
2020-08-07
Low
CVE-2020-11993

Vendor: Apache
Software: Http server
 

 
In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

 
2020-07-15
Low
CVE-2019-19326

Vendor: Silverstripe
Software: Silverstripe
 

 
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.

 
2020-06-15
Medium
CVE-2018-21245

Vendor: Apsis
Software: Pound
 

 
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

 
2020-06-10
Medium
CVE-2020-7671

Vendor: Goliath project
Software: Goliath
 

 
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy is also vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer-Encoding headers were found to be parsed as valid, which could be leveraged for TE:CL smuggling attacks.

 
Medium
CVE-2020-7670

Vendor: Ohler
Software: AGOO
 

 
agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy is also vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer-Encoding headers were found to be parsed as valid, which could be leveraged for TE:CL smuggling attacks.

 
2020-06-01
Medium
CVE-2020-7659

Vendor: Celluloid
Software: REEL
 

 
reel through 0.6.1 allows request smuggling attacks due to incorrect Content-Length and Transfer-Encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer-Encoding headers were found to be parsed as valid, which could be leveraged for TE:CL smuggling attacks. Note: This project is deprecated and is no longer maintained.

 
2020-05-26
Medium
CVE-2020-10719

Vendor: Redhat
Software: Undertow
 

 
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

 
2020-05-22
Medium
CVE-2020-11076

Vendor: PUMA
Software: PUMA
 

 
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

 
Medium
CVE-2020-11077

Vendor: PUMA
Software: PUMA
 

 
In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.

 
Low
CVE-2020-7658

Vendor: Meinheld
Software: Meinheld
 

 
meinheld prior to 1.0.2 is vulnerable to HTTP request smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer-Encoding header parsing.

 

 


Copyright 2020, cxsecurity.com

 
