Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5386 | 6.8 |
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which mi
|
16-08-2022 - 13:17 | 19-07-2016 - 02:00 | |
CVE-2015-5741 | 7.5 |
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fiel
|
04-08-2021 - 17:15 | 08-02-2020 - 19:15 | |
CVE-2015-5739 | 7.5 |
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length"
|
10-05-2019 - 16:45 | 18-10-2017 - 20:29 | |
CVE-2015-5740 | 7.5 |
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
|
09-05-2019 - 20:13 | 18-10-2017 - 20:29 | |
CVE-2016-3959 | 5.0 |
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted pub
|
30-10-2018 - 16:27 | 23-05-2016 - 19:59 |