Lucene search
PRIOn knowledge basePRION:CVE-2015-5740HistoryOct 18, 2017 - 8:29 p.m.
Design/Logic Flaw
2017-10-1820:29:00
PRIOn knowledge base
www.prio-n.com
7
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
References
rhn.redhat.com/errata/RHSA-2016-1538.html
seclists.org/oss-sec/2015/q3/237
seclists.org/oss-sec/2015/q3/292
seclists.org/oss-sec/2015/q3/294
bugzilla.redhat.com/show_bug.cgi?id=1250352
github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html
lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html
Related
cve
cve
CVE-2015-5740
2017-10-18 20:29:00
cvelist
cvelist
CVE-2015-5740
2017-10-18 20:00:00
nvd
nvd
CVE-2015-5740
2017-10-18 20:29:00
veracode
veracode
HTTP Request Smuggling
2017-04-27 07:53:54
ubuntucve
ubuntucve
CVE-2015-5740
2017-10-18 00:00:00
nessus
nessus
openSUSE Security Update : go (openSUSE-2016-907)
2016-07-28 00:00:00
Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)
2015-08-18 00:00:00
Amazon Linux AMI : golang / docker (ALAS-2015-588)
2015-08-26 00:00:00
osv
osv
Request smuggling due to improper header parsing in net/http
2022-01-05 21:39:14
GO-2021-0157
2022-01-05 20:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: golang-1.5.1-0.fc22
2015-10-01 18:59:26
[SECURITY] Fedora 21 Update: golang-1.4.2-3.fc21
2015-08-18 05:21:47
[SECURITY] Fedora 22 Update: golang-1.4.2-3.fc22
2015-08-18 05:23:04
openvas
openvas
Fedora Update for golang FEDORA-2015-15618
2015-10-02 00:00:00
Fedora Update for golang FEDORA-2015-12957
2015-08-20 00:00:00
Fedora Update for golang FEDORA-2015-13002
2015-08-20 00:00:00
amazon
amazon
Medium: golang, docker
2015-08-24 22:29:00
freebsd
freebsd
go -- multiple vulnerabilities
2015-07-29 00:00:00
cloudfoundry
cloudfoundry
Golang 1.4.3 CVE Fixes | Cloud Foundry
2015-10-07 00:00:00
redhat
redhat
(RHSA-2016:1538) Moderate: golang security, bug fix, and enhancement update
2016-08-02 13:46:33
centos
centos
golang security update
2016-08-02 21:57:55
hackerone
hackerone
Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects
2017-06-29 17:41:22
Internet Bug Bounty: Multiple HTTP Smuggling reports
2019-07-17 22:47:10