Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2022-10-14 CVE-2022-2880 HTTP Request Smuggling vulnerability in Golang GO
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http.
network
low complexity
golang CWE-444
7.5
2022-09-30 CVE-2022-21826 HTTP Request Smuggling vulnerability in multiple products
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket.
network
low complexity
pulsesecure ivanti CWE-444
5.4
2022-08-31 CVE-2022-2466 HTTP Request Smuggling vulnerability in Quarkus
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.
network
low complexity
quarkus CWE-444
critical
9.8
2022-08-15 CVE-2022-33988 HTTP Request Smuggling vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.
network
low complexity
dproxy-nexgen-project CWE-444
7.5
2022-08-10 CVE-2022-1705 HTTP Request Smuggling vulnerability in Golang GO
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
network
low complexity
golang CWE-444
6.5
2022-07-14 CVE-2022-32213 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
6.5
2022-07-14 CVE-2022-32214 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests.
network
low complexity
llhttp nodejs debian stormshield CWE-444
6.5
2022-07-14 CVE-2022-32215 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers.
6.5
2022-07-07 CVE-2021-46825 HTTP Request Smuggling vulnerability in Broadcom Advanced Secure Gateway and Proxysg
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability.
network
low complexity
broadcom CWE-444
critical
9.1
2022-06-09 CVE-2022-26377 HTTP Request Smuggling vulnerability in multiple products
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
low complexity
apache fedoraproject netapp CWE-444
7.5