Lucene search
PRIOn knowledge basePRION:CVE-2015-5739HistoryOct 18, 2017 - 8:29 p.m.
Design/Logic Flaw
2017-10-1820:29:00
PRIOn knowledge base
www.prio-n.com
5
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by “Content Length” instead of “Content-Length.”
References
rhn.redhat.com/errata/RHSA-2016-1538.html
seclists.org/oss-sec/2015/q3/237
seclists.org/oss-sec/2015/q3/292
seclists.org/oss-sec/2015/q3/294
www.securityfocus.com/bid/76281
bugzilla.redhat.com/show_bug.cgi?id=1250352
github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9
lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html
lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html
Related
cve
cve
CVE-2015-5739
2017-10-18 20:29:00
cvelist
cvelist
CVE-2015-5739
2017-10-18 20:00:00
nvd
nvd
CVE-2015-5739
2017-10-18 20:29:00
ubuntucve
ubuntucve
CVE-2015-5739
2017-10-18 00:00:00
veracode
veracode
HTTP Header Injection
2019-01-15 09:12:45
HTTP Header Injection
2017-04-27 07:04:20
fedora
fedora
[SECURITY] Fedora 22 Update: golang-1.5.1-0.fc22
2015-10-01 18:59:26
[SECURITY] Fedora 21 Update: golang-1.4.2-3.fc21
2015-08-18 05:21:47
[SECURITY] Fedora 22 Update: golang-1.4.2-3.fc22
2015-08-18 05:23:04
nessus
nessus
Amazon Linux AMI : golang / docker (ALAS-2015-588)
2015-08-26 00:00:00
openSUSE Security Update : go (openSUSE-2016-907)
2016-07-28 00:00:00
Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)
2015-08-18 00:00:00
osv
osv
Request smuggling due to improper header parsing in net/http
2022-01-05 21:39:14
GO-2021-0157
2022-01-05 20:00:00
openvas
openvas
Fedora Update for golang FEDORA-2015-15618
2015-10-02 00:00:00
Fedora Update for golang FEDORA-2015-12957
2015-08-20 00:00:00
Fedora Update for golang FEDORA-2015-13002
2015-08-20 00:00:00
amazon
amazon
Medium: golang, docker
2015-08-24 22:29:00
freebsd
freebsd
go -- multiple vulnerabilities
2015-07-29 00:00:00
cloudfoundry
cloudfoundry
Golang 1.4.3 CVE Fixes | Cloud Foundry
2015-10-07 00:00:00
redhat
redhat
(RHSA-2016:1538) Moderate: golang security, bug fix, and enhancement update
2016-08-02 13:46:33
centos
centos
golang security update
2016-08-02 21:57:55
hackerone
hackerone
Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects
2017-06-29 17:41:22
Internet Bug Bounty: Multiple HTTP Smuggling reports
2019-07-17 22:47:10