Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body
Vulnerability Description
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread body bytes remain on the TCP stream and are interpreted as the start of a new HTTP request. An attacker can embed an arbitrary HTTP request inside the body of a GET request, which the server processes as a separate request. This issue has been patched in version 0.40.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
cpp-httplib 环境问题漏洞
Vulnerability Description
cpp-httplib是yhirose个人开发者的一款使用C++语言编写的HTTP/HTTPS服务器和客户端库。 cpp-httplib 0.40.0之前版本存在环境问题漏洞,该漏洞源于静态文件处理程序未消耗请求体,可能导致HTTP请求夹带攻击。
CVSS Information
N/A
Vulnerability Type
N/A