Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
|2023-04-11||CVE-2023-25950|| HTTP Request Smuggling vulnerability in Haproxy |
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request.
| 7.3 |
|2023-03-07||CVE-2023-25690|| HTTP Request Smuggling vulnerability in Apache Http Server |
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
| 9.8 |
|2023-03-07||CVE-2023-27522|| HTTP Request Smuggling vulnerability in multiple products |
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
| 7.5 |
|2023-01-20||CVE-2023-23691|| HTTP Request Smuggling vulnerability in Dell products |
Dell EMC PV ME5, versions ME220.127.116.11.0 and ME18.104.22.168.0, contains a Client-side desync Vulnerability.
| 8.8 |
|2023-01-17||CVE-2022-36760|| HTTP Request Smuggling vulnerability in Apache Http Server |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
| 9.0 |
|2023-01-13||CVE-2022-41721|| HTTP Request Smuggling vulnerability in Golang H2C |
A request smuggling attack is possible when using MaxBytesHandler.
| 7.5 |
|2022-12-06||CVE-2022-33876|| HTTP Request Smuggling vulnerability in Fortinet Fortiadc |
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.
| 6.5 |
|2022-12-05||CVE-2022-35256|| HTTP Request Smuggling vulnerability in multiple products |
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF.
| 6.5 |
|2022-11-09||CVE-2022-45059|| HTTP Request Smuggling vulnerability in multiple products |
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1.
low complexityvarnish-cache-project fedoraproject CWE-444
| 7.5 |
|2022-11-01||CVE-2022-42252|| HTTP Request Smuggling vulnerability in Apache Tomcat |
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
| 7.5 |