Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2021-01-11 CVE-2020-17509 HTTP Request Smuggling vulnerability in Apache Traffic Server
ATS negative cache option is vulnerable to a cache poisoning attack.
network
low complexity
apache CWE-444
7.5
2021-01-06 CVE-2020-8287 HTTP Request Smuggling vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields).
network
low complexity
nodejs debian fedoraproject oracle siemens CWE-444
6.5
2020-12-31 CVE-2020-35884 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust.
network
low complexity
tiny-http-project fedoraproject CWE-444
6.5
2020-12-31 CVE-2020-35863 HTTP Request Smuggling vulnerability in Hyper
An issue was discovered in the hyper crate before 0.12.34 for Rust.
network
low complexity
hyper CWE-444
critical
9.8
2020-11-18 CVE-2020-28361 HTTP Request Smuggling vulnerability in Kamailio
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters.
network
low complexity
kamailio CWE-444
5.4
2020-11-16 CVE-2020-26129 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
network
low complexity
jetbrains CWE-444
6.5
2020-11-08 CVE-2020-7764 HTTP Request Smuggling vulnerability in Find-My-Way Project Find-My-Way
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5.
network
low complexity
find-my-way-project CWE-444
7.5
2020-10-06 CVE-2020-25613 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1.
network
low complexity
ruby-lang fedoraproject CWE-444
7.5
2020-09-18 CVE-2020-8201 HTTP Request Smuggling vulnerability in multiple products
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users.
network
high complexity
nodejs opensuse fedoraproject CWE-444
7.4
2020-09-02 CVE-2020-15810 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.
6.5