Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-17 | CVE-2021-41451 | HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 Firmware 230220/230508 A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack. | 7.5 |
2021-12-08 | CVE-2021-41450 | HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 V1 Firmware 1.3.1/210809/211014 An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | 7.5 |
2021-12-05 | CVE-2021-37253 | HTTP Request Smuggling vulnerability in M-Files web M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). | 7.5 |
2021-11-19 | CVE-2021-41436 | HTTP Request Smuggling vulnerability in Asus products An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. | 7.5 |
2021-11-18 | CVE-2021-43669 | HTTP Request Smuggling vulnerability in Linuxfoundation Fabric A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. | 7.5 |
2021-11-15 | CVE-2021-22959 | HTTP Request Smuggling vulnerability in multiple products The parser in accepts requests with a space (SP) right after the header name before the colon. | 6.5 |
2021-11-12 | CVE-2021-43610 | HTTP Request Smuggling vulnerability in Linphone Belle-Sip Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056. | 7.5 |
2021-11-03 | CVE-2021-22960 | HTTP Request Smuggling vulnerability in multiple products The parse function in llhttp < 2.1.4 and < 6.0.6. | 6.5 |
2021-11-03 | CVE-2021-29991 | HTTP Request Smuggling vulnerability in Mozilla Thunderbird Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. | 8.1 |
2021-09-29 | CVE-2021-41732 | HTTP Request Smuggling vulnerability in Zeek 4.1.0 An issue was discovered in zeek version 4.1.0. | 7.5 |