OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-03 18:15:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #355 from snoopysecurity/add-tiny-http-request-smuggling

Browse Source 
Add tiny-http Request Smuggling
This commit is contained in:
Sergey "Shnatsel" Davidoff
2020-08-21 19:10:18 +02:00
committed by GitHub
parent 4b1e065e0c 1400f85920
commit 50e585fa5e
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/tiny_http/RUSTSEC-2020-0000.toml Normal file
View File

@@ -0,0 +1,19 @@
[advisory]
id = "RUSTSEC-2020-0000"
package = "tiny_http"
date = "2020-06-16"
title = "HTTP Request smuggling through malformed Transfer Encoding headers"
url = "https://github.com/tiny-http/tiny-http/issues/173"
keywords = ["http", "request-smuggling"]
description = """
HTTP pipelining issues and request smuggling attacks are possible due to incorrect
Transfer encoding header parsing.
It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers.
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information
from requests other than their own.
"""
[versions]
patched = []