Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2018-08-29 CVE-2018-8004 HTTP Request Smuggling vulnerability in multiple products
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS).
network
low complexity
apache debian CWE-444
6.5
2018-08-28 CVE-2018-3908 HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17.
network
low complexity
samsung CWE-444
7.5
2018-08-24 CVE-2018-3909 HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
low complexity
samsung CWE-444
8.6
2018-08-24 CVE-2018-3907 HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
low complexity
samsung CWE-444
critical
10.0
2018-08-06 CVE-2018-7068 HTTP Request Smuggling vulnerability in HP Centralview Fraud Risk Management
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1.
network
low complexity
hp CWE-444
6.1
2018-07-27 CVE-2017-12165 HTTP Request Smuggling vulnerability in Redhat Undertow
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
network
low complexity
redhat CWE-444
7.5
2018-07-27 CVE-2017-2666 HTTP Request Smuggling vulnerability in multiple products
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters.
network
low complexity
redhat debian CWE-444
6.5
2018-06-26 CVE-2017-7658 HTTP Request Smuggling vulnerability in multiple products
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second.
network
low complexity
eclipse debian oracle hp netapp CWE-444
critical
9.8
2018-06-26 CVE-2017-7657 HTTP Request Smuggling vulnerability in multiple products
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly.
network
low complexity
eclipse debian netapp hp oracle CWE-444
critical
9.8
2018-01-29 CVE-2016-10711 HTTP Request Smuggling vulnerability in multiple products
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
network
low complexity
debian apsis CWE-444
critical
9.8