Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
load balancer vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-22959
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Llhttp Llhttp
Oracle Graalvm 21.3.0
Oracle Graalvm 20.3.4
Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2021-22960
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
Llhttp Llhttp
Oracle Graalvm 21.3.0
Oracle Graalvm 20.3.4
Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2015-5361
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent...
Juniper Junos 12.1x44
Juniper Junos 12.1x46
Juniper Junos 12.1x46-d10
Juniper Junos 12.1x47
Juniper Junos 12.3x48
Juniper Junos 15.1x49
7.5
CVSSv3
CVE-2022-23632
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the ro...
Traefik Traefik
Oracle Communications Unified Inventory Management 7.5.0
NA
CVE-2005-1391
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and previous versions allows remote malicious users to execute arbitrary code via a long Host HTTP header.
Apsis Pound 1.8.2
NA
CVE-2005-3751
HTTP request smuggling vulnerability in Pound prior to 1.9.4 allows remote malicious users to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
Apsis Pound
8.1
CVSSv3
CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a priv...
Traefik Traefik
NA
CVE-2011-3348
The mod_proxy_ajp module in the Apache HTTP Server prior to 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote malicious users to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Apache Http Server
Redhat Jboss Enterprise Web Server 1.0.0
6.1
CVSSv3
CVE-2022-31109
laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the ho...
Getlaminas Laminas-diactoros
9.8
CVSSv3
CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
Nodejs Node.js
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Software Collections 1.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 7.7
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »