Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2021-09-24 CVE-2021-31923 HTTP Request Smuggling vulnerability in Pingidentity Pingaccess
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
network
low complexity
pingidentity CWE-444
5.3
2021-08-12 CVE-2021-33056 HTTP Request Smuggling vulnerability in Linphone Belle-Sip
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message.
network
low complexity
linphone CWE-444
7.5
2021-08-10 CVE-2021-38512 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust.
network
low complexity
actix fedoraproject CWE-444
7.5
2021-08-05 CVE-2021-32598 HTTP Request Smuggling vulnerability in Fortinet Fortianalyzer
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
network
low complexity
fortinet CWE-444
4.3
2021-07-14 CVE-2021-36740 HTTP Request Smuggling vulnerability in multiple products
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request.
6.5
2021-07-14 CVE-2021-33683 HTTP Request Smuggling vulnerability in SAP Internet Communication Manager and Web Dispatcher
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header.
network
low complexity
sap CWE-444
4.3
2021-07-12 CVE-2021-33037 HTTP Request Smuggling vulnerability in multiple products
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy.
network
low complexity
apache debian oracle mcafee CWE-444
5.3
2021-07-07 CVE-2021-32715 HTTP Request Smuggling vulnerability in Hyper
hyper is an HTTP library for Rust.
network
low complexity
hyper CWE-444
5.3
2021-06-29 CVE-2021-27577 HTTP Request Smuggling vulnerability in multiple products
Incorrect handling of URL fragments in Apache Traffic Server allows an attacker to poison the cache.
network
low complexity
apache debian CWE-444
7.5
2021-06-29 CVE-2021-32565 HTTP Request Smuggling vulnerability in multiple products
Invalid values in the Content-Length header sent to Apache Traffic Server allow an attacker to smuggle requests.
network
low complexity
apache debian CWE-444
7.5