CVE-2015-5740
Published 2017-10-18
critical · 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| golang | go | <= 1.4.2 | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
CVSS provenance
nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 9.8 CRITICAL
GHSA
GHSA-8vhq-594p-r648: The net/http library in net/http/transfer
ghsa_unreviewed·2022-05-14
CVE-2015-5740 [CRITICAL] CWE-444 GHSA-8vhq-594p-r648: The net/http library in net/http/transfer
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
OSV
Request smuggling due to improper header parsing in net/http
osv·2022-01-05
CVE-2015-5739 Request smuggling due to improper header parsing in net/http
HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
OSV
CVE-2015-5740: The net/http library in net/http/transfer
osv·2017-10-18·CVSS 9.8
CVE-2015-5740 [CRITICAL] CVE-2015-5740: The net/http library in net/http/transfer
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
Red Hat
golang: HTTP request smuggling in net/http library
vendor_redhat·2015-07-29·CVSS 9.8
CVE-2015-5740 [CRITICAL] CWE-444 golang: HTTP request smuggling in net/http library
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the middle is accepted). A non-authenticated attacker could exploit these flaws to bypass security controls, perform web-cache poisoning, or alter the request/response map (denial of service).
Package: golang (Red Hat Enterprise Lin
No detection rules found.
No public exploits indexed.
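The two header defects in the Red Hat description above (a second Content-Length that is silently ignored, and "Content Length:" accepted as a field name), written as a strict check. This is an added example, not code from Go's net/http or from any advisory quoted on this page; `isToken`, `checkFraming` and the sample headers are hypothetical, and it assumes the RFC 7230 token rule for field names and answers 400 when Content-Length values differ.

```go
package main

import (
	"fmt"
	"strings"
)

// isToken reports whether s is a valid header field name (RFC 7230 "token").
func isToken(s string) bool {
	bad := func(r rune) bool {
		alnum := r >= 'a' && r <= 'z' || r >= 'A' && r <= 'Z' || r >= '0' && r <= '9'
		return !alnum && !strings.ContainsRune("!#$%&'*+-.^_`|~", r)
	}
	return s != "" && strings.IndexFunc(s, bad) < 0
}

// checkFraming (hypothetical helper): 400 if the raw header lines must be rejected.
func checkFraming(rawHeaders string) (int, error) {
	var lengths []string
	for _, line := range strings.Split(rawHeaders, "\r\n") {
		if line == "" {
			break // blank line: end of the header block
		}
		colon := strings.IndexByte(line, ':')
		if colon < 0 || !isToken(line[:colon]) {
			return 400, fmt.Errorf("invalid header line %q", line)
		}
		if strings.EqualFold(line[:colon], "Content-Length") {
			lengths = append(lengths, strings.TrimSpace(line[colon+1:]))
		}
	}
	for _, v := range lengths {
		if v != lengths[0] {
			return 400, fmt.Errorf("conflicting Content-Length values %q", lengths)
		}
	}
	return 200, nil
}

func main() {
	// Constructed sample header blocks (request line omitted), not captured traffic.
	for _, h := range []string{
		"Host: example.test\r\nContent-Length: 5\r\n\r\n",
		"Host: example.test\r\nContent-Length: 5\r\nContent-Length: 0\r\n\r\n",
		"Host: example.test\r\nContent Length: 5\r\n\r\n",
	} {
		fmt.Println(checkFraming(h))
	}
}
```

A front end and a back end that both apply this check agree on where each request ends, which is the property the smuggling reports on this page depend on being absent.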
HackerOne
Multiple HTTP Smuggling reports
hackerone·2019-11-12·CVSS 9.8
[CRITICAL] Multiple HTTP Smuggling reports
These reports spread over several years and are all about **HTTP Smuggling issues**
(HTTP Requests or Responses splitting, Cache Poisoning, Security filter bypass).
I've made reports on a wide range of open source projects, explaining
the (not always easy) problems to the various security maintainers and testing the fixes.
The starting point for this work was the 2005 work published by Amit Klein and some others:
* 2004 - Amit Klein : "Divide and Conquer: HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics" https://packetstormsecurity.com/papers/general/whitepaper_httpresponse.pdf
* 2005 - Chaim Linhart, Amit Klein, Ronen Heled, Steve Orrin: "HTTP Request Smuggling" https://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf
* 2006 -
Bugzilla
CVE-2015-5739 CVE-2015-5740 CVE-2015-5741 golang: HTTP request smuggling in net/http library
bugzilla·2015-08-05·CVSS 9.8
CVE-2015-5739 [CRITICAL] CVE-2015-5739 CVE-2015-5740 CVE-2015-5741 golang: HTTP request smuggling in net/http library
Potentially exploitable flaws have been found in the Golang net/http library affecting versions 1.4.2 and 1.5.
Problems:
* Double Content-length headers in a request do not generate a 400 error; the second Content-length is ignored.
* Invalid headers are parsed as valid headers (like "Content Length:" with a space in the middle)
Exploitations:
In a situation where the net/http agent HTTP communication with the final
http clients is using some reverse proxy (reverse proxy cache, SSL
terminators, etc), some requests can be made exploiting the net/http HTTP
protocol violations.
Attacker could possibly:
* bypass security controls on these previous elements
* perform some cache poisoning on the
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html
http://rhn.redhat.com/errata/RHSA-2016-1538.html
http://seclists.org/oss-sec/2015/q3/237
http://seclists.org/oss-sec/2015/q3/292
http://seclists.org/oss-sec/2015/q3/294
https://bugzilla.redhat.com/show_bug.cgi?id=1250352
https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f