Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2022-05-25 CVE-2022-29361 HTTP Request Smuggling vulnerability in Palletsprojects Werkzeug
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.
network
low complexity
palletsprojects CWE-444
critical
9.8
2022-03-21 CVE-2022-24766 HTTP Request Smuggling vulnerability in Mitmproxy
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy.
network
low complexity
mitmproxy CWE-444
critical
9.8
2022-03-17 CVE-2022-24761 HTTP Request Smuggling vulnerability in multiple products
Waitress is a Web Server Gateway Interface server for Python 2 and 3.
network
low complexity
agendaless debian CWE-444
7.5
2022-03-14 CVE-2022-22720 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
network
low complexity
apache fedoraproject debian oracle apple CWE-444
critical
9.8
2022-02-09 CVE-2021-41442 HTTP Request Smuggling vulnerability in Dlink Dir-X1860 Firmware 1.03
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.
network
low complexity
dlink CWE-444
7.5
2022-01-28 CVE-2021-42791 HTTP Request Smuggling vulnerability in Veridiumid Veridiumad 2.5.3.0
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0.
network
low complexity
veridiumid CWE-444
7.3
2022-01-26 CVE-2022-23959 HTTP Request Smuggling vulnerability in multiple products
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
9.1
2022-01-18 CVE-2022-22690 HTTP Request Smuggling vulnerability in Umbraco CMS
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site.
network
low complexity
umbraco CWE-444
7.5
2022-01-18 CVE-2022-22691 HTTP Request Smuggling vulnerability in Umbraco CMS
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL.
network
low complexity
umbraco CWE-444
7.4
2022-01-14 CVE-2021-45468 HTTP Request Smuggling vulnerability in Imperva web Application Firewall
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
network
low complexity
imperva CWE-444
critical
9.8