mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-01 09:10:25 +01:00
Add tiny-http Request Smuggling
This commit is contained in:
snoopysecurity
20
crates/tiny_http/RUSTSEC-2020-0000.toml
Normal file
20
crates/tiny_http/RUSTSEC-2020-0000.toml
Normal file
@@ -0,0 +1,20 @@
|
||||
[advisory]
|
||||
id = "RUSTSEC-2020-0000"
|
||||
package = "tiny_http"
|
||||
date = "2020-06-16"
|
||||
title = "HTTP Request smuggling through malformed Transfer Encoding headers"
|
||||
url = "https://github.com/tiny-http/tiny-http/issues/173"
|
||||
categories = ["format-injection"]
|
||||
keywords = ["http", "request-smuggling"]
|
||||
description = """
|
||||
HTTP pipelining issues and request smuggling attacks are possible due to incorrect
|
||||
Transfer encoding header parsing.
|
||||
|
||||
It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers.
|
||||
|
||||
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information
|
||||
from requests other than their own.
|
||||
"""
|
||||
|
||||
[versions]
|
||||
patched = []
|
||||
Reference in New Issue
Block a user