Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2020-08-07 CVE-2020-9490 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43.
7.5
2020-08-07 CVE-2020-11993 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.
7.5
2020-07-15 CVE-2019-19326 HTTP Request Smuggling vulnerability in Silverstripe
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning.
network
high complexity
silverstripe CWE-444
5.9
2020-06-30 CVE-2020-15049 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3.
network
low complexity
squid-cache fedoraproject CWE-444
8.8
2020-06-19 CVE-2019-20866 HTTP Request Smuggling vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 5.12.0.
network
low complexity
mattermost CWE-444
5.3
2020-06-15 CVE-2018-21245 HTTP Request Smuggling vulnerability in Apsis Pound
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
network
low complexity
apsis CWE-444
critical
9.1
2020-06-10 CVE-2020-7671 HTTP Request Smuggling vulnerability in Goliath Project Goliath
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable.
network
low complexity
goliath-project CWE-444
7.5
2020-06-10 CVE-2020-7670 HTTP Request Smuggling vulnerability in Ohler Agoo
agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable.
network
low complexity
ohler CWE-444
7.5
2020-06-01 CVE-2020-7659 HTTP Request Smuggling vulnerability in Celluloid Reel
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing.
network
low complexity
celluloid CWE-444
7.5
2020-05-26 CVE-2020-10719 HTTP Request Smuggling vulnerability in multiple products
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes.
network
low complexity
redhat netapp CWE-444
6.5