CVE-2024-1135 - Exploiting Gunicorn’s Transfer-Encoding Vulnerability for HTTP Request Smuggling
Gunicorn is a popular Python WSGI HTTP server commonly used to deploy Flask, Django, and other Python web applications. In early 2024, a major vulnerability,
CVE-2024-31309 - How an HTTP/2 CONTINUATION DoS Attack Impacts Apache Traffic Server (With Exploit Details & Mitigation Guide)
Apache Traffic Server (ATS) is a powerful, flexible caching proxy server used by big companies and many critical web applications. However, like any complex software,
CVE-2024-24795 - HTTP Response Splitting in Apache HTTP Server — Deep Dive, Exploit, and Mitigation
In early 2024, a new security vulnerability, CVE-2024-24795, was discovered in the widely-used Apache HTTP Server. This issue lets attackers use a technique called HTTP
CVE-2023-38709 - How Faulty Input Validation in Apache Can Split Your HTTP Responses (with Code Example & Exploit Explained)
In August 2023, a critical issue was discovered at the heart of one of the world’s most popular web servers: Apache HTTP Server. Known
CVE-2024-27316 - How HTTP/2 Headers Can Crash Your Server via nghttp2 Buffer Exhaustion
HTTP/2 is known for its speed and efficiency, but a vulnerability discovered this year (CVE-2024-27316) exposed a serious problem in the way the nghttp2