Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-24 | CVE-2021-31923 | HTTP Request Smuggling vulnerability in Pingidentity Pingaccess Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. | 5.3 |
2021-08-12 | CVE-2021-33056 | HTTP Request Smuggling vulnerability in Linphone Belle-Sip Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. | 7.5 |
2021-08-10 | CVE-2021-38512 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. | 7.5 |
2021-08-05 | CVE-2021-32598 | HTTP Request Smuggling vulnerability in Fortinet Fortianalyzer An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | 4.3 |
2021-07-14 | CVE-2021-36740 | HTTP Request Smuggling vulnerability in multiple products Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. network low complexity varnish-cache varnish-cache-project varnish-software fedoraproject debian CWE-444 | 6.5 |
2021-07-14 | CVE-2021-33683 | HTTP Request Smuggling vulnerability in SAP Internet Communication Manager and web Dispatcher SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. | 4.3 |
2021-07-12 | CVE-2021-33037 | HTTP Request Smuggling vulnerability in multiple products Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. | 5.3 |
2021-07-07 | CVE-2021-32715 | HTTP Request Smuggling vulnerability in Hyper hyper is an HTTP library for rust. | 5.3 |
2021-06-29 | CVE-2021-27577 | HTTP Request Smuggling vulnerability in multiple products Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. | 7.5 |
2021-06-29 | CVE-2021-32565 | HTTP Request Smuggling vulnerability in multiple products Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |