Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-11 | CVE-2020-17509 | HTTP Request Smuggling vulnerability in Apache Traffic Server ATS negative cache option is vulnerable to a cache poisoning attack. | 7.5 |
2021-01-06 | CVE-2020-8287 | HTTP Request Smuggling vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). | 6.5 |
2020-12-31 | CVE-2020-35884 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. | 6.5 |
2020-12-31 | CVE-2020-35863 | HTTP Request Smuggling vulnerability in Hyper An issue was discovered in the hyper crate before 0.12.34 for Rust. | 9.8 |
2020-11-18 | CVE-2020-28361 | HTTP Request Smuggling vulnerability in Kamailio Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. | 5.4 |
2020-11-16 | CVE-2020-26129 | HTTP Request Smuggling vulnerability in Jetbrains Ktor In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. | 6.5 |
2020-11-08 | CVE-2020-7764 | HTTP Request Smuggling vulnerability in Find-My-Way Project Find-My-Way This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. | 7.5 |
2020-10-06 | CVE-2020-25613 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. | 7.5 |
2020-09-18 | CVE-2020-8201 | HTTP Request Smuggling vulnerability in multiple products Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. | 7.4 |
2020-09-02 | CVE-2020-15810 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | 6.5 |