Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-25 | CVE-2023-35944 | HTTP Request Smuggling vulnerability in Envoyproxy Envoy Envoy is an open source edge and service proxy designed for cloud-native applications. | 5.3 |
| 2023-07-19 | CVE-2023-37276 | HTTP Request Smuggling vulnerability in Aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 7.5 |
| 2023-07-11 | CVE-2023-33987 | HTTP Request Smuggling vulnerability in SAP web Dispatcher An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. | 9.4 |
| 2023-07-06 | CVE-2023-26137 | HTTP Request Smuggling vulnerability in Drogon All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. | 6.1 |
| 2023-05-30 | CVE-2023-33193 | HTTP Request Smuggling vulnerability in Emby Emby.Releases Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. | 9.1 |
| 2023-04-11 | CVE-2023-25950 | HTTP Request Smuggling vulnerability in Haproxy HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. | 7.3 |
| 2023-03-07 | CVE-2023-25690 | HTTP Request Smuggling vulnerability in Apache Http Server Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. | 9.8 |
| 2023-03-07 | CVE-2023-27522 | HTTP Request Smuggling vulnerability in multiple products HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. | 7.5 |
| 2023-01-20 | CVE-2023-23691 | HTTP Request Smuggling vulnerability in Dell products Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. | 8.8 |
| 2023-01-17 | CVE-2022-36760 | HTTP Request Smuggling vulnerability in Apache Http Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. | 9.0 |