exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2022-41721

около 3 лет назад

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.

CVSS3: 7.5

EPSS: Низкий

CVE-2022-41721

около 3 лет назад

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.

CVSS3: 7.5

EPSS: Низкий

CVE-2022-41721

около 3 лет назад

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.

CVSS3: 7.5

EPSS: Низкий

CVE-2022-41721

около 3 лет назад

Request smuggling due to improper request handling in golang.org/x/net/http2/h2c

CVSS3: 7.5

EPSS: Низкий

CVE-2022-41721

около 3 лет назад

A request smuggling attack is possible when using MaxBytesHandler. Whe ...

CVSS3: 7.5

EPSS: Низкий

GHSA-fxg5-wq6x-vr4w

около 3 лет назад

golang.org/x/net/http2/h2c vulnerable to request smuggling attack

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2022-41721 A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.	CVSS3: 7.5	0% Низкий	около 3 лет назад
CVE-2022-41721 A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.	CVSS3: 7.5	0% Низкий	около 3 лет назад
CVE-2022-41721 A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.	CVSS3: 7.5	0% Низкий	около 3 лет назад
CVE-2022-41721 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c	CVSS3: 7.5	0% Низкий	около 3 лет назад
CVE-2022-41721 A request smuggling attack is possible when using MaxBytesHandler. Whe ...	CVSS3: 7.5	0% Низкий	около 3 лет назад
GHSA-fxg5-wq6x-vr4w golang.org/x/net/http2/h2c vulnerable to request smuggling attack	CVSS3: 7.5	0% Низкий	около 3 лет назад

Уязвимостей на страницу