mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
c12999b9c8
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
20 lines
701 B
TOML
20 lines
701 B
TOML
[advisory]
|
|
id = "RUSTSEC-2020-0031"
|
|
package = "tiny_http"
|
|
date = "2020-06-16"
|
|
title = "HTTP Request smuggling through malformed Transfer Encoding headers"
|
|
url = "https://github.com/tiny-http/tiny-http/issues/173"
|
|
keywords = ["http", "request-smuggling"]
|
|
description = """
|
|
HTTP pipelining issues and request smuggling attacks are possible due to incorrect
|
|
Transfer encoding header parsing.
|
|
|
|
It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers.
|
|
|
|
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information
|
|
from requests other than their own.
|
|
"""
|
|
|
|
[versions]
|
|
patched = []
|