anas-cherni/CVE-2023-50694.txt

## CVE-2023-50694.txt
> [Suggested description]
> An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker
> to send a malicious crafted request due to insufficient parsing in the parser.nim
> component.
>
>
> [VulnerabilityType Other]
> HTTP Request Smuggling
>
> ------------------------------------------
>
> [Vendor of Product]
> dom96 (open source maintainer)
>
> ------------------------------------------
>
> [Affected Product Code Base]
> httpbeast - all versions <= 0.4.1 are affected
>
> ------------------------------------------
>
> [Affected Component]
> /src/httpbeast/parser.nim
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [CVE Impact Other]
> This vulnerability can be chained with XSS and cache poisoning
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit this vulnerability,  and attacker could craft malicious requests to trick the system, posing security risks like unauthorized access, information disclosure, and bypassing security controls.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/dom96/httpbeast/pull/96
> https://github.com/dom96/httpbeast/issues/95
>
> ------------------------------------------
>
> [Discoverer]
> Anas Cherni (n0s)
	> [Suggested description]
	> An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker
	> to send a malicious crafted request due to insufficient parsing in the parser.nim
	> component.
	>
	>
	> [VulnerabilityType Other]
	> HTTP Request Smuggling
	>
	> ------------------------------------------
	>
	> [Vendor of Product]
	> dom96 (open source maintainer)
	>
	> ------------------------------------------
	>
	> [Affected Product Code Base]
	> httpbeast - all versions <= 0.4.1 are affected
	>
	> ------------------------------------------
	>
	> [Affected Component]
	> /src/httpbeast/parser.nim
	>
	> ------------------------------------------
	>
	> [Attack Type]
	> Remote
	>
	> ------------------------------------------
	>
	> [Impact Denial of Service]
	> true
	>
	> ------------------------------------------
	>
	> [Impact Escalation of Privileges]
	> true
	>
	> ------------------------------------------
	>
	> [Impact Information Disclosure]
	> true
	>
	> ------------------------------------------
	>
	> [CVE Impact Other]
	> This vulnerability can be chained with XSS and cache poisoning
	>
	> ------------------------------------------
	>
	> [Attack Vectors]
	> To exploit this vulnerability, and attacker could craft malicious requests to trick the system, posing security risks like unauthorized access, information disclosure, and bypassing security controls.
	>
	> ------------------------------------------
	>
	> [Reference]
	> https://github.com/dom96/httpbeast/pull/96
	> https://github.com/dom96/httpbeast/issues/95
	>
	> ------------------------------------------
	>
	> [Discoverer]
	> Anas Cherni (n0s)