Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-28 | CVE-2023-46589 | HTTP Request Smuggling vulnerability in Apache Tomcat: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. | 7.5 |
2023-11-15 | CVE-2023-48365 | HTTP Request Smuggling vulnerability in Qlik Sense: Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. | 9.9 |
2023-11-03 | CVE-2023-46846 | HTTP Request Smuggling vulnerability in multiple products: SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | 5.3 |
2023-10-25 | CVE-2023-46137 | HTTP Request Smuggling vulnerability in Twisted: Twisted is an event-based framework for internet applications. | 5.3 |
2023-10-09 | CVE-2023-30910 | HTTP Request Smuggling vulnerability in HPE products: HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. | 5.4 |
2023-08-29 | CVE-2023-41265 | HTTP Request Smuggling vulnerability in Qlik Sense: An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. | 9.9 |
2023-08-10 | CVE-2023-40225 | HTTP Request Smuggling vulnerability in Haproxy: HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. | 7.2 |
2023-08-04 | CVE-2023-34037 | HTTP Request Smuggling vulnerability in VMWare Horizon Client: VMware Horizon Server contains a HTTP request smuggling vulnerability. | 5.3 |
2023-07-25 | CVE-2023-35944 | HTTP Request Smuggling vulnerability in Envoyproxy Envoy: Envoy is an open source edge and service proxy designed for cloud-native applications. | 5.3 |
2023-07-19 | CVE-2023-37276 | HTTP Request Smuggling vulnerability in Aiohttp: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 7.5 |