Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-23452 | HTTP Request Smuggling vulnerability in Apache Brpc Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. | 7.5 |
| 2024-01-29 | CVE-2024-23829 | HTTP Request Smuggling vulnerability in multiple products aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 6.5 |
| 2024-01-22 | CVE-2023-52354 | HTTP Request Smuggling vulnerability in Blitiri Chasquid chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. | 7.5 |
| 2024-01-08 | CVE-2023-51701 | HTTP Request Smuggling vulnerability in Fastify Reply-From fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. | 7.5 |
| 2024-01-08 | CVE-2024-21647 | HTTP Request Smuggling vulnerability in Puma Puma is a web server for Ruby/Rack applications built for parallelism. | 7.5 |
| 2023-12-12 | CVE-2023-49584 | HTTP Request Smuggling vulnerability in SAP Fiori Launchpad SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application. | 4.3 |
| 2023-11-28 | CVE-2023-46589 | HTTP Request Smuggling vulnerability in Apache Tomcat Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. | 7.5 |
| 2023-11-15 | CVE-2023-48365 | HTTP Request Smuggling vulnerability in Qlik Sense Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. | 9.9 |
| 2023-11-15 | CVE-2023-46121 | HTTP Request Smuggling vulnerability in Yt-Dlp Project Yt-Dlp yt-dlp is a youtube-dl fork with additional features and fixes. | 3.7 |
| 2023-11-14 | CVE-2023-47627 | HTTP Request Smuggling vulnerability in Aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 7.5 |