CVE-2015-5741
08.02.2020, 19:15
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| golang | go | 𝑥 < 1.4.3 |
| redhat | openstack | 7.0 |
| redhat | enterprise_linux | 7.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gcc-5 |
| ||||||||||||||||||||||||||||||||||||||||||
| gccgo-4.7 |
| ||||||||||||||||||||||||||||||||||||||||||
| gccgo-4.8 |
| ||||||||||||||||||||||||||||||||||||||||||
| gccgo-4.9 |
| ||||||||||||||||||||||||||||||||||||||||||
| gccgo-5 |
| ||||||||||||||||||||||||||||||||||||||||||
| golang |
|
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| docker |
| ||
| docker-devel |
| ||
| docker-pkg-devel |
| ||
| golang |
| ||
| golang-pkg-bin-linux-386 |
| ||
| golang-pkg-bin-linux-amd64 |
| ||
| golang-pkg-darwin-386 |
| ||
| golang-pkg-darwin-amd64 |
| ||
| golang-pkg-freebsd-386 |
| ||
| golang-pkg-freebsd-amd64 |
| ||
| golang-pkg-freebsd-arm |
| ||
| golang-pkg-linux-386 |
| ||
| golang-pkg-linux-amd64 |
| ||
| golang-pkg-linux-arm |
| ||
| golang-pkg-netbsd-386 |
| ||
| golang-pkg-netbsd-amd64 |
| ||
| golang-pkg-netbsd-arm |
| ||
| golang-pkg-openbsd-386 |
| ||
| golang-pkg-openbsd-amd64 |
| ||
| golang-pkg-plan9-386 |
| ||
| golang-pkg-plan9-amd64 |
| ||
| golang-pkg-windows-386 |
| ||
| golang-pkg-windows-amd64 |
| ||
| golang-src |
|
References