CVE-2020-11946
Published 2020-04-20
CVE-2020-11946: Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.
Priority: P2 · 62 · High · CVSS 3.1 base score 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 51.80% (98.8th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_opmanager | — | — |
Detection & IOCs (extracted from sources)
- CVE-2020-11946 affects Zoho ManageEngine OpManager before version 125120 — an unauthenticated servlet call allows retrieval of an API key; monitor for unauthenticated requests to OpManager servlet endpoints that return API key material.
- DOC 2 (HackerOne report #3249936) is a cURL HTTP Request Smuggling report that only references CVE-2020-11946 incidentally as a 'similar CVE' example — it contains no operational intelligence specific to CVE-2020-11946 and should not be used as a source for this CVE.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
No public exploits indexed.
HackerOne · 2025-07-13
[MEDIUM] HTTP Request Smuggling Vulnerability Analysis - cURL Security Report
# HTTP Request Smuggling Vulnerability Report - cURL
## Summary:
cURL does not explicitly reject HTTP requests that contain both Transfer-Encoding and Content-Length headers, which can lead to HTTP request smuggling vulnerabilities (CWE-444) when the request passes through intermediary systems (proxies, load balancers, firewalls) that interpret these conflicting headers differently than the destination server. This inconsistent interpretation allows attackers to potentially smuggle malicious requests past security controls or cause cache poisoning attacks.
The vulnerability stems from the `http_req_set_reader()` function in `http.c` which processes Transfer-Encoding headers without validating for the presence of confli