Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2020-03-12 CVE-2020-10109 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twisted fedoraproject debian canonical CWE-444
critical
9.8
2020-03-12 CVE-2020-10108 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twisted fedoraproject debian canonical oracle CWE-444
critical
9.8
2020-03-06 CVE-2020-10112 HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning.
network
low complexity
citrix CWE-444
5.4
2020-03-06 CVE-2020-10111 HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests.
network
low complexity
citrix CWE-444
7.5
2020-03-04 CVE-2019-19223 HTTP Request Smuggling vulnerability in Dlink Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.
network
low complexity
dlink CWE-444
7.5
2020-02-27 CVE-2020-5401 HTTP Request Smuggling vulnerability in Cloudfoundry Routing Release
Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
network
low complexity
cloudfoundry CWE-444
5.3
2020-02-24 CVE-2020-1935 HTTP Request Smuggling vulnerability in multiple products
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid.
network
high complexity
apache debian canonical opensuse netapp oracle CWE-444
4.8
2020-02-24 CVE-2019-17569 HTTP Request Smuggling vulnerability in multiple products
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression.
network
high complexity
apache opensuse netapp debian oracle CWE-444
4.8
2020-02-08 CVE-2015-5741 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
network
low complexity
golang redhat CWE-444
critical
9.8
2020-02-07 CVE-2019-15605 HTTP Request Smuggling vulnerability in multiple products
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
network
low complexity
nodejs debian fedoraproject opensuse redhat oracle CWE-444
critical
9.8