Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-10 | CVE-2019-17567 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. | 5.3 |
2021-06-01 | CVE-2021-30180 | HTTP Request Smuggling vulnerability in Apache Dubbo Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. | 9.8 |
2021-05-14 | CVE-2021-31922 | HTTP Request Smuggling vulnerability in Pulsesecure Virtual Traffic Manager An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. | 7.5 |
2021-03-19 | CVE-2020-25097 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. | 8.6 |
2021-02-23 | CVE-2021-20220 | HTTP Request Smuggling vulnerability in multiple products A flaw was found in Undertow. | 4.8 |
2021-02-17 | CVE-2021-23339 | HTTP Request Smuggling vulnerability in Lightbend Akka-Http This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. | 6.5 |
2021-02-15 | CVE-2021-23336 | HTTP Request Smuggling vulnerability in multiple products The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. | 5.9 |
2021-02-06 | CVE-2021-22293 | HTTP Request Smuggling vulnerability in Huawei Campusinsight, Manageone and Taurus-Al00A Firmware Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. | 7.5 |
2021-02-03 | CVE-2021-25762 | HTTP Request Smuggling vulnerability in Jetbrains Ktor In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. | 5.3 |
2021-01-12 | CVE-2021-21445 | HTTP Request Smuggling vulnerability in SAP Commerce Cloud SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. | 5.4 |