Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2020-09-18 CVE-2020-8201 HTTP Request Smuggling vulnerability in multiple products
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users.
network
high complexity
nodejs opensuse fedoraproject CWE-444
7.4
2020-09-02 CVE-2020-15810 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.
6.5
2020-08-07 CVE-2020-9490 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43.
7.5
2020-08-07 CVE-2020-11993 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.
7.5
2020-07-15 CVE-2019-19326 HTTP Request Smuggling vulnerability in Silverstripe
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning.
network
high complexity
silverstripe CWE-444
5.9
2020-06-30 CVE-2020-15049 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3.
network
low complexity
squid-cache fedoraproject CWE-444
8.8
2020-06-19 CVE-2019-20866 HTTP Request Smuggling vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 5.12.0.
network
low complexity
mattermost CWE-444
5.3
2020-06-15 CVE-2018-21245 HTTP Request Smuggling vulnerability in Apsis Pound
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
network
low complexity
apsis CWE-444
critical
9.1
2020-06-10 CVE-2020-7671 HTTP Request Smuggling vulnerability in Goliath Project Goliath
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable.
network
low complexity
goliath-project CWE-444
7.5
2020-06-10 CVE-2020-7670 HTTP Request Smuggling vulnerability in Ohler Agoo
agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable.
network
low complexity
ohler CWE-444
7.5