Brad Fitzpatrick

4 exploits, active since Jun 2011
CVE-2011-2206 WRITEUP STUB
DJabberd <0.85 - Info Disclosure
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.
CVE-2015-5739 CRITICAL WRITEUP
Go <1.4.3 - SSRF
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
CVSS 9.8
CVE-2015-5740 CRITICAL WRITEUP
Go <1.4.3 - HTTP Request Smuggling
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
CVSS 9.8
CVE-2015-5741 CRITICAL WRITEUP
Go <1.4.3 - SSRF
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
CVSS 9.8