Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-46589 HTTP Request Smuggling vulnerability in Apache Tomcat
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers.
network
low complexity
apache CWE-444
7.5
2023-11-15 CVE-2023-48365 HTTP Request Smuggling vulnerability in Qlik Sense
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683.
network
low complexity
qlik CWE-444
critical
9.9
2023-11-03 CVE-2023-46846 HTTP Request Smuggling vulnerability in multiple products
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
network
low complexity
squid-cache redhat CWE-444
5.3
2023-10-25 CVE-2023-46137 HTTP Request Smuggling vulnerability in Twisted
Twisted is an event-based framework for internet applications.
network
low complexity
twisted CWE-444
5.3
2023-10-09 CVE-2023-30910 HTTP Request Smuggling vulnerability in HPE products
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. 
network
low complexity
hpe CWE-444
5.4
2023-08-29 CVE-2023-41265 HTTP Request Smuggling vulnerability in Qlik Sense
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request.
network
low complexity
qlik CWE-444
critical
9.9
2023-08-10 CVE-2023-40225 HTTP Request Smuggling vulnerability in Haproxy
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6.
network
low complexity
haproxy CWE-444
7.2
2023-08-04 CVE-2023-34037 HTTP Request Smuggling vulnerability in VMWare Horizon Client
VMware Horizon Server contains a HTTP request smuggling vulnerability.
network
low complexity
vmware CWE-444
5.3
2023-07-25 CVE-2023-35944 HTTP Request Smuggling vulnerability in Envoyproxy Envoy
Envoy is an open source edge and service proxy designed for cloud-native applications.
network
low complexity
envoyproxy CWE-444
5.3
2023-07-19 CVE-2023-37276 HTTP Request Smuggling vulnerability in Aiohttp
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
network
low complexity
aiohttp CWE-444
7.5