mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
88 lines
3.5 KiB
JSON
88 lines
3.5 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security-advisories@github.com",
|
|
"ID": "CVE-2021-32715",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Lenient Parsing of Content-Length Header When Prefixed with Plus Sign"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "hyper",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "< 0.14.10"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "hyperium"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such `Content-Length` headers, but forwards them, can result in \"request smuggling\" or \"desync attacks\". The flaw exists in all prior versions of hyper prior to 0.14.10, if built with `rustc` v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the `Content-Length` header or ensure any upstream proxy handles `Content-Length` headers with a plus sign prefix."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.1,
|
|
"baseSeverity": "LOW",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c"
|
|
},
|
|
{
|
|
"name": "https://github.com/rust-lang/rust/pull/28826/commits/123a83326fb95366e94a3be1a74775df4db97739",
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/rust-lang/rust/pull/28826/commits/123a83326fb95366e94a3be1a74775df4db97739"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "GHSA-f3pg-qwvg-p99c",
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |