CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38114 – Client-Side Desync Vulnerability
https://notcve.org/view.php?id=CVE-2022-38114
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. Esta vulnerabilidad ocurre cuando un servidor web no logra procesar correctamente la longitud del contenido de las solicitudes POST. Esto puede provocar tráfico ilegal de solicitudes HTTP o XSS. • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38115 – Insecure Methods Vulnerability
https://notcve.org/view.php?id=CVE-2022-38115
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT Vulnerabilidad de método inseguro en la que se revelan métodos HTTP permitidos. Por ejemplo, OPTIONS, DELETE, TRACE y PUT • https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38115 • CWE-436: Interpretation Conflict CWE-650: Trusting HTTP Permission Methods on the Server Side •