CVE-2024-23452: Apache bRPC: HTTP request smuggling vulnerability

CVE-2024-23452: Apache bRPC: HTTP request smuggling vulnerability

Open Source Security [[{„value“:“

Posted by Wang Weibing on Feb 08

Severity: moderate

Affected versions:

– Apache bRPC 0.9.5 before 1.8.0

Description:

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle
request.

Vulnerability Cause Description:

The http_parser does not comply with the RFC-7320 HTTP 1.1 specification.

Attack scenario:
If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert