Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2021-12-17 CVE-2021-41451 HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 Firmware 230220/230508
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.
network
low complexity
tp-link CWE-444
7.5
2021-12-08 CVE-2021-41450 HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 V1 Firmware 1.3.1/210809/211014
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.
network
low complexity
tp-link CWE-444
7.5
2021-12-05 CVE-2021-37253 HTTP Request Smuggling vulnerability in M-Files web
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers).
network
low complexity
m-files CWE-444
7.5
2021-11-19 CVE-2021-41436 HTTP Request Smuggling vulnerability in Asus products
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.
network
low complexity
asus CWE-444
7.5
2021-11-18 CVE-2021-43669 HTTP Request Smuggling vulnerability in Linuxfoundation Fabric
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0.
network
low complexity
linuxfoundation CWE-444
7.5
2021-11-15 CVE-2021-22959 HTTP Request Smuggling vulnerability in multiple products
The parser in accepts requests with a space (SP) right after the header name before the colon.
network
low complexity
llhttp oracle debian CWE-444
6.5
2021-11-12 CVE-2021-43610 HTTP Request Smuggling vulnerability in Linphone Belle-Sip
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056.
network
low complexity
linphone CWE-444
7.5
2021-11-03 CVE-2021-22960 HTTP Request Smuggling vulnerability in multiple products
The parse function in llhttp < 2.1.4 and < 6.0.6.
network
low complexity
llhttp oracle debian CWE-444
6.5
2021-11-03 CVE-2021-29991 HTTP Request Smuggling vulnerability in Mozilla Thunderbird
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers.
network
low complexity
mozilla CWE-444
8.1
2021-09-29 CVE-2021-41732 HTTP Request Smuggling vulnerability in Zeek 4.1.0
An issue was discovered in zeek version 4.1.0.
network
low complexity
zeek CWE-444
7.5