CVE-2015-5741

Published: 08/02/2020 Updated: 04/08/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The net/http library in net/http/transfer.go in Go prior to 1.4.3 does not properly parse HTTP headers, which allows remote malicious users to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.

Vulnerable Product

golang go

redhat openstack 7.0

redhat openstack 8

redhat enterprise linux 7.0

Vendor Advisories

Debian Bug report logs - #795106 golang: CVE-2015-5739 CVE-2015-5740 CVE-2015-5741 Package: src:golang; Maintainer for src:golang is Go Compiler Team <team+go-compiler@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 10 Aug 2015 16:48:02 UTC Severity: important Tags: fixed-upstrea ...
As discussed upstream -- here (seclists.org/oss-sec/2015/q3/294) and here (seclists.org/oss-sec/2015/q3/237) -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers (like "Content Length:" w ...
Impact: Moderate Public Date: 2015-07-29 CWE: CWE-444 Bugzilla: 1250352: CVE-2015-5739 CVE-2015-5740 CV ...