Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2021-06-10 CVE-2019-17567 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
network
low complexity
apache fedoraproject oracle CWE-444
5.3
2021-06-01 CVE-2021-30180 HTTP Request Smuggling vulnerability in Apache Dubbo
Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server.
network
low complexity
apache CWE-444
critical
9.8
2021-05-14 CVE-2021-31922 HTTP Request Smuggling vulnerability in Pulsesecure Virtual Traffic Manager
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header.
network
low complexity
pulsesecure CWE-444
7.5
2021-03-19 CVE-2020-25097 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4.
network
low complexity
squid-cache debian fedoraproject netapp CWE-444
8.6
2021-02-23 CVE-2021-20220 HTTP Request Smuggling vulnerability in multiple products
A flaw was found in Undertow.
network
high complexity
redhat netapp CWE-444
4.8
2021-02-17 CVE-2021-23339 HTTP Request Smuggling vulnerability in Lightbend Akka-Http
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core.
network
low complexity
lightbend CWE-444
6.5
2021-02-15 CVE-2021-23336 HTTP Request Smuggling vulnerability in multiple products
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking.
5.9
2021-02-06 CVE-2021-22293 HTTP Request Smuggling vulnerability in Huawei Campusinsight, Manageone and Taurus-Al00A Firmware
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability.
network
low complexity
huawei CWE-444
7.5
2021-02-03 CVE-2021-25762 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
network
low complexity
jetbrains CWE-444
5.3
2021-01-12 CVE-2021-21445 HTTP Request Smuggling vulnerability in SAP Commerce Cloud
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user.
network
low complexity
sap CWE-444
5.4