Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:42608
HistoryAug 07, 2023 - 10:02 a.m.

HTTP Request Smuggling

2023-08-0710:02:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
vulnerability
http request smuggling
protocol-http1
improper implementation
content-length header
firewall bypassing

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

45.0%

JSON

protocol-http1 is vulnerable to HTTP Request Smuggling. The vulnerability exists in the read function of chunked.rb due to improper HTTP/1 implementation based on the RFC spec, such as allowing Content-Length header values with a + or 0x prefix, which can lead to HTTP request smuggling and firewall bypassing.

Related

nessus 1
ubuntucve 1
redhatcve 1
cbl_mariner 1
osv 2
nvd 1
cve 1
github 1
cvelist 1
prion 1
rubygems 1
debiancve 1
ibm 1
nessus
nessus
CBL Mariner 2.0 Security Update: rubygem-protocol-http1 (CVE-2023-38697)
2023-08-31 00:00:00
ubuntucve
ubuntucve
CVE-2023-38697
2023-08-04 00:00:00
redhatcve
redhatcve
CVE-2023-38697
2023-08-05 15:48:44
cbl_mariner
cbl_mariner
CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1
2023-08-30 14:44:06
osv
osv
CVE-2023-38697
2023-08-04 18:15:15
protocol-http1 HTTP Request/Response Smuggling vulnerability
2023-08-03 16:36:34
nvd
nvd
CVE-2023-38697
2023-08-04 18:15:15
cve
cve
CVE-2023-38697
2023-08-04 18:15:15
github
github
protocol-http1 HTTP Request/Response Smuggling vulnerability
2023-08-03 16:36:34
cvelist
cvelist
CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability
2023-08-04 17:32:51
prion
prion
Design/Logic Flaw
2023-08-04 18:15:00
rubygems
rubygems
protocol-http1 HTTP Request/Response Smuggling vulnerability
2023-08-02 21:00:00
debiancve
debiancve
CVE-2023-38697
2023-08-04 18:15:15
ibm
ibm
Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities
2023-12-15 14:31:02

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

45.0%

JSON
Related for VERACODE:42608
nessus1ubuntucve1redhatcve1cbl_mariner1osv2nvd1cve1github1cvelist1prion1rubygems1debiancve1ibm1