Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2020-03-30 CVE-2020-7611 HTTP Request Smuggling vulnerability in Objectcomputing Micronaut
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.
network
low complexity
objectcomputing CWE-444
7.5
7.5
2020-03-26 CVE-2020-5129 HTTP Request Smuggling vulnerability in Sonicwall Sma1000 Firmware
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service.
network
low complexity
sonicwall CWE-444
5.0
5.0
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17559 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-12 CVE-2020-10109 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twistedmatrix fedoraproject debian canonical CWE-444
critical
 9.8
9.8
2020-03-12 CVE-2020-10108 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twistedmatrix fedoraproject debian canonical oracle CWE-444
critical
 9.8
9.8
2020-03-06 CVE-2020-10112 HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning.
network
low complexity
citrix CWE-444
5.4
5.4
2020-03-06 CVE-2020-10111 HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests.
network
low complexity
citrix CWE-444
7.5
7.5
2020-03-04 CVE-2019-19223 HTTP Request Smuggling vulnerability in Dlink Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.
network
low complexity
dlink CWE-444
7.5
7.5