CVE-2020-7670

agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers due to insufficient `Content-Length` and `Transfer Encoding` parsing.
Configurations

Configuration 1

cpe:2.3:a:ohler:agoo:*:*:*:*:*:ruby:*:*

Information

Published : 2020-06-10 04:15

Updated : 2020-11-17 12:15


NVD link : CVE-2020-7670

Mitre link : CVE-2020-7670

Products Affected
No products.
CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')