Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-03 | CVE-2021-22960 | HTTP Request Smuggling vulnerability in multiple products The parse function in llhttp < 2.1.4 and < 6.0.6. | 6.5 |
2021-11-03 | CVE-2021-37147 | HTTP Request Smuggling vulnerability in multiple products Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
2021-11-03 | CVE-2021-29991 | HTTP Request Smuggling vulnerability in Mozilla Firefox Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. | 5.8 |
2021-10-12 | CVE-2021-41136 | HTTP Request Smuggling vulnerability in multiple products Puma is a HTTP 1.1 server for Ruby/Rack applications. | 3.7 |
2021-09-29 | CVE-2021-41732 | HTTP Request Smuggling vulnerability in Zeek 4.1.0 An issue was discovered in zeek version 4.1.0. | 7.5 |
2021-09-24 | CVE-2021-31923 | HTTP Request Smuggling vulnerability in Pingidentity Pingaccess Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. | 5.3 |
2021-09-16 | CVE-2021-39214 | HTTP Request Smuggling vulnerability in Mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. | 7.5 |
2021-09-14 | CVE-2021-38162 | HTTP Request Smuggling vulnerability in SAP web Dispatcher SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. | 9.4 |
2021-08-31 | CVE-2021-34559 | HTTP Request Smuggling vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. | 5.3 |
2021-08-12 | CVE-2021-33056 | HTTP Request Smuggling vulnerability in Linphone Belle-Sip Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. | 5.0 |