Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2020-05-22 CVE-2020-7658 HTTP Request Smuggling vulnerability in Meinheld
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling.
network
low complexity
meinheld CWE-444
6.1
2020-05-21 CVE-2020-7655 HTTP Request Smuggling vulnerability in Hive Netius
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling.
network
low complexity
hive CWE-444
6.1
2020-04-22 CVE-2020-11506 HTTP Request Smuggling vulnerability in Gitlab
An issue was discovered in GitLab 10.7.0 and later through 12.9.2.
network
low complexity
gitlab CWE-444
7.5
2020-04-22 CVE-2020-11505 HTTP Request Smuggling vulnerability in Gitlab
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3.
network
low complexity
gitlab CWE-444
7.5
2020-04-12 CVE-2020-11724 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in OpenResty before 1.15.8.4.
network
low complexity
openresty debian CWE-444
7.5
2020-03-30 CVE-2020-7611 HTTP Request Smuggling vulnerability in Objectcomputing Micronaut
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.
network
low complexity
objectcomputing CWE-444
critical
9.8
2020-03-26 CVE-2020-5129 HTTP Request Smuggling vulnerability in Sonicwall Sma1000 Firmware 12.1.006411
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service.
network
low complexity
sonicwall CWE-444
7.5
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
9.8
2020-03-23 CVE-2019-17559 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing.
network
low complexity
apache debian CWE-444
critical
9.8