Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2024-11-25 CVE-2024-9666 A vulnerability was found in the Keycloak Server.
local
high complexity
CWE-444
4.7
2024-11-17 CVE-2023-4639 A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests.
network
high complexity
CWE-444
7.4
2024-10-08 CVE-2024-9622 A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques.
network
low complexity
CWE-444
5.3
2024-09-19 CVE-2024-45614 HTTP Request Smuggling vulnerability in Puma
Puma is a Ruby/Rack web server built for parallelism.
network
high complexity
puma CWE-444
5.4
2024-09-08 CVE-2024-42342 HTTP Request Smuggling vulnerability in Loway Queuemetrics 22.11.6/23.09/24.05
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
network
low complexity
loway CWE-444
4.3
2024-06-10 CVE-2024-22279 HTTP Request Smuggling vulnerability in Cloudfoundry Cf-Deployment and Routing Release
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale.
network
low complexity
cloudfoundry CWE-444
7.5
2024-06-04 CVE-2024-23326 HTTP Request Smuggling vulnerability in Envoyproxy Envoy
Envoy is a cloud-native, open source edge and service proxy.
network
low complexity
envoyproxy CWE-444
8.2
2024-01-22 CVE-2023-52354 HTTP Request Smuggling vulnerability in Blitiri Chasquid
chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted.
network
low complexity
blitiri CWE-444
7.5
2024-01-08 CVE-2023-51701 HTTP Request Smuggling vulnerability in Fastify Reply-From
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server.
network
low complexity
fastify CWE-444
7.5
2023-11-28 CVE-2023-46589 HTTP Request Smuggling vulnerability in Apache Tomcat
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers.
network
low complexity
apache CWE-444
7.5