Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-14 | CVE-2022-32214 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. | 6.5 |
| 2022-07-14 | CVE-2022-32215 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. | 6.5 |
| 2022-07-07 | CVE-2021-46825 | HTTP Request Smuggling vulnerability in Broadcom Advanced Secure Gateway and Proxysg Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. | 9.1 |
| 2022-06-27 | CVE-2022-31081 | HTTP Request Smuggling vulnerability in multiple products HTTP::Daemon is a simple http server class written in perl. | 6.5 |
| 2022-06-09 | CVE-2022-26377 | HTTP Request Smuggling vulnerability in multiple products Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. | 7.5 |
| 2022-05-25 | CVE-2022-29361 | HTTP Request Smuggling vulnerability in Palletsprojects Werkzeug Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. | 9.8 |
| 2022-04-11 | CVE-2022-0552 | HTTP Request Smuggling vulnerability in Redhat Origin-Aggregated-Logging 3.11 A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. | 5.9 |
| 2022-04-04 | CVE-2022-24801 | HTTP Request Smuggling vulnerability in multiple products Twisted is an event-based framework for internet applications, supporting Python 3.6+. | 8.1 |
| 2022-03-30 | CVE-2022-24790 | HTTP Request Smuggling vulnerability in multiple products Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. | 7.5 |
| 2022-03-23 | CVE-2021-25220 | HTTP Request Smuggling vulnerability in multiple products BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. | 6.8 |