The net/http library in net/textproto/reader.go in Go prior to 1.4.3 does not properly parse HTTP header keys, which allows remote malicious users to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 21 |
||
redhat enterprise linux server aus 7.4 |
||
redhat enterprise linux server eus 7.2 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux server eus 7.4 |
||
redhat enterprise linux server eus 7.5 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server tus 7.2 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux server aus 7.2 |
||
redhat enterprise linux server aus 7.3 |
||
redhat enterprise linux server aus 7.6 |
||
redhat enterprise linux server eus 7.3 |
||
redhat enterprise linux server tus 7.3 |