CVE-2015-5739
Request smuggling due to improper header parsing in net/http
EPSS 11.9%
Description
HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
How to fix CVE-2015-5739
To remediate CVE-2015-5739, upgrade the affected package to a fixed version below.
- Go/stdlib—upgrade to 1.4.3 or later
Is CVE-2015-5739 being exploited?
Moderate — EPSS is 11.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.4.3