Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)
Vulnerability Description
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can lead to unauthorized access, security filter bypass, and potential cache poisoning. The impact is critical for servers using persistent connections (Keep-Alive). This issue has been patched in version 2.03.
CVSS Information
N/A
Vulnerability Type
整数溢出或超界折返
Vulnerability Title
TinyWeb 环境问题漏洞
Vulnerability Description
TinyWeb是Konstantin Belyalov个人开发者的一个简单且轻量级 HTTP 服务器。 TinyWeb 2.03之前版本存在环境问题漏洞,该漏洞源于字符串到整数转换例程存在整数溢出,可能导致绕过Content-Length限制并执行HTTP请求夹带攻击。
CVSS Information
N/A
Vulnerability Type
N/A