Count: 9
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| BDU:2024-03553 Vulnerability in the gunicorn WSGI server related to flaws in HTTP request handling, allowing an attacker to bypass existing security restrictions and carry out an HTTP request smuggling attack | CVSS3: 7.5 | 0% (Low) | about 2 years ago |
| ROS-20250821-01 Vulnerability in python3-gunicorn | CVSS3: 7.5 | 0% (Low) | 5 months ago |
| CVE-2024-1135 Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure. | CVSS3: 7.5 | 0% (Low) | almost 2 years ago |
| CVE-2024-1135 Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure. | CVSS3: 7.5 | 0% (Low) | almost 2 years ago |
| CVE-2024-1135 Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure. | CVSS3: 7.5 | 0% (Low) | almost 2 years ago |
| CVE-2024-1135 Gunicorn fails to properly validate Transfer-Encoding headers, leading ... | CVSS3: 7.5 | 0% (Low) | almost 2 years ago |
| SUSE-SU-2024:2881-1 Security update for python-gunicorn | | 0% (Low) | more than 1 year ago |
| SUSE-SU-2024:1440-1 Security update for python-gunicorn | | 0% (Low) | more than 1 year ago |
| GHSA-w3h3-4rj7-4ph4 Request smuggling leading to endpoint restriction bypass in Gunicorn | CVSS3: 8.2 | 0% (Low) | almost 2 years ago |