The net/http library in net/http/transfer.go in Go prior to 1.4.3 does not properly parse HTTP headers, which allows remote malicious users to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go |
||
redhat openstack 7.0 |
||
redhat openstack 8 |
||
redhat enterprise linux 7.0 |