Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section
Vulnerability Description
Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers security controls, launch targeted attacks against active users, and poison web caches. A pre-requisite for exploitation involves the web application being deployed behind a reverse-proxy that forwards trailer headers. This issue has been patched in versions 1.0.0-M45 and 0.23.31.
CVSS Information
N/A
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
Http4s 安全漏洞
Vulnerability Description
Http4s是Http4s开源的一款开源的用于Scala的流HTTP服务器。 Http4s 1.0.0-M1版本至1.0.0-M45之前版本和0.23.31之前版本存在安全漏洞,该漏洞源于HTTP trailer部分处理不当,可能导致HTTP请求夹带技术攻击。
CVSS Information
N/A
Vulnerability Type
N/A