CVE-2020-7671
N/A
N/A
Summary
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | goliath | All versions including 1.0.6 | affected |
Weaknesses
- HTTP Request Smuggling
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.