Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-25950 HTTP Request Smuggling vulnerability in HAProxy
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request.
network
low complexity
haproxy CWE-444
7.3
2023-03-07 CVE-2023-25690 HTTP Request Smuggling vulnerability in Apache HTTP Server
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
network
low complexity
apache CWE-444
critical
9.8
2023-03-07 CVE-2023-27522 HTTP Request Smuggling vulnerability in multiple products
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache debian unbit CWE-444
7.5
2023-01-20 CVE-2023-23691 HTTP Request Smuggling vulnerability in Dell products
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability.
network
low complexity
dell CWE-444
8.8
2023-01-17 CVE-2022-36760 HTTP Request Smuggling vulnerability in Apache HTTP Server
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
high complexity
apache CWE-444
critical
9.0
2023-01-13 CVE-2022-41721 HTTP Request Smuggling vulnerability in Golang H2C
A request smuggling attack is possible when using MaxBytesHandler.
network
low complexity
golang CWE-444
7.5
2022-12-06 CVE-2022-33876 HTTP Request Smuggling vulnerability in Fortinet FortiADC
Multiple instances of an improper input validation vulnerability in Fortinet FortiADC version 7.1.0, versions 7.0.0 through 7.0.2, and version 6.2.4 and below allow an authenticated attacker to retrieve files with a specific extension from the underlying Linux system via crafted HTTP requests.
network
low complexity
fortinet CWE-444
6.5
2022-12-05 CVE-2022-35256 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF.
network
low complexity
nodejs llhttp siemens debian CWE-444
6.5
2022-11-09 CVE-2022-45059 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1.
7.5
2022-11-01 CVE-2022-42252 HTTP Request Smuggling vulnerability in Apache Tomcat
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers by setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header, making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
network
low complexity
apache CWE-444
7.5