ByteOS Network

Vulnerability Details :

CVE-2016-15039

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-11 Jul, 2024 | 02:31

Updated At-06 Aug, 2024 | 03:47

mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named dd6e9583a2eb2ca085583765e8a63df5904cb036. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-270523.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:11 Jul, 2024 | 02:31

Updated At:06 Aug, 2024 | 03:47

▼CVE Numbering Authority (CNA)

mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling

Affected Products

Vendor

mhuertos

Product

phpLDAPadmin

Versions

Affected

665dbc2690ebeb5392d38f1fece0a654225a0b38

Problem Types

Type	CWE ID	Description
CWE	CWE-444	CWE-444 HTTP Request Smuggling

Type: CWE

CWE ID: CWE-444

Description: CWE-444 HTTP Request Smuggling

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.0	6.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.0	6.5	N/A	AV:N/AC:L/Au:S/C:P/I:P/A:P

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Version: 3.0

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Version: 2.0

Base score: 6.5

Base severity: N/A

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

Credits

tool

VulDB GitHub Commit Analyzer

Timeline

Event	Date
Advisory disclosed	2016-08-11 00:00:00
Countermeasure disclosed	2016-08-11 00:00:00
VulDB entry created	2024-07-08 02:00:00
VulDB entry last update	2024-07-08 21:27:23

Event: Advisory disclosed

Date: 2016-08-11 00:00:00

Event: Countermeasure disclosed

Date: 2016-08-11 00:00:00

Event: VulDB entry created

Date: 2024-07-08 02:00:00

Event: VulDB entry last update

Date: 2024-07-08 21:27:23

References

Hyperlink	Resource
https://vuldb.com/?id.270523	vdb-entry technical-description
https://vuldb.com/?ctiid.270523	signature permissions-required
https://github.com/mhuertos/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036	patch

Hyperlink: https://vuldb.com/?id.270523

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.270523

Resource:

signature

permissions-required

Hyperlink: https://github.com/mhuertos/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036

Resource:

patch

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://vuldb.com/?id.270523	vdb-entry technical-description x_transferred
https://vuldb.com/?ctiid.270523	signature permissions-required x_transferred
https://github.com/mhuertos/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036	patch x_transferred

Hyperlink: https://vuldb.com/?id.270523

Resource:

vdb-entry

technical-description

x_transferred

Hyperlink: https://vuldb.com/?ctiid.270523

Resource:

signature

permissions-required

x_transferred

Hyperlink: https://github.com/mhuertos/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036

Resource:

patch

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:11 Jul, 2024 | 03:15

Updated At:11 Jul, 2024 | 13:05

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Type: Secondary

Version: 2.0

Base score: 6.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

CWE ID	Type	Source
CWE-444	Primary	cna@vuldb.com

CWE ID: CWE-444

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/mhuertos/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.270523	cna@vuldb.com	N/A
https://vuldb.com/?id.270523	cna@vuldb.com	N/A

Hyperlink: https://github.com/mhuertos/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.270523

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.270523

Source: cna@vuldb.com

Resource: N/A

Similar CVEs

3Records found

CVE-2024-32638

Matching Score-4

Assigner-Apache Software Foundation

View Details

Matching Score-4

Assigner-Apache Software Foundation

CVSS Score-6.3||MEDIUM

EPSS-0.17% / 39.15%

7 Day CHG~0.00%

Published-02 May, 2024 | 09:20

Updated-10 Jul, 2025 | 16:00

Apache APISIX: Forward-Auth Request Smuggling

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.

Vendor-apache_software_foundation The Apache Software Foundation

Product-apisix Apache APISIX Apache_APISIX

CWE ID-CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2020-15049

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-9.9||CRITICAL

EPSS-7.30% / 91.29%

7 Day CHG~0.00%

Published-30 Jun, 2020 | 17:55

Updated-04 Aug, 2024 | 13:08

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.

Vendor-n/a Squid Cache Fedora Project

Product-squid fedora n/a

CWE ID-CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2025-0752

Matching Score-4

Assigner-Red Hat, Inc.

View Details

Matching Score-4

Assigner-Red Hat, Inc.

CVSS Score-6.3||MEDIUM

EPSS-0.10% / 27.78%

7 Day CHG+0.01%

Published-28 Jan, 2025 | 09:29

Updated-22 Aug, 2025 | 14:19

Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.

Vendor-Red Hat, Inc.

Product-OpenShift Service Mesh 2

CWE ID-CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2016-15039

Credits

mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs