CVE-2015-5740

Published: 2017-10-18T20:29Z

Last Modified: 2024-11-21T02:33Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt