Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2021-33056 HIGH

Belle-sip < 4.5.20 - Denial of Service via Invalid From Header

CVE-2021-38512 HIGH

actix-http <3.0.0-beta.9 - Info Disclosure

CVE-2021-32598 MEDIUM

FortiAnalyzer and FortiManager 5.6.0-7.0.0 - Authenticated HTTP Request Smuggling via CRLF Injection

CVE-2021-36740 MEDIUM

Varnish-cache Varnish Cache < 6.0.8 - HTTP Request Smuggling

CVE-2021-33683 MEDIUM

SAP Web Dispatcher and ICM - HTTP Request Smuggling

CVE-2021-33037 MEDIUM

Apache Tomcat <10.0.7-8.5.67 - Info Disclosure

CVE-2021-32715 LOW

hyper < 0.14.10 - HTTP Request Smuggling via Malformed Content-Length Header

CVE-2021-32565 HIGH

Apache Traffic Server 7.0.0-7.1.12, 8.0.0-8.1.1, 9.0.0-9.0.1 - HTTP Request Smuggling via Content-Length Header

CVE-2021-27577 HIGH

Apache Traffic Server <9.0.2 - Info Disclosure

CVE-2021-30180 CRITICAL

Apache Dubbo < 2.7.10 - Remote Code Execution via Tag Routing YAML Parsing

CVE-2021-31922 HIGH

Pulse Secure Virtual Traffic Manager < 21.1 - HTTP Request Smuggling via HTTP/2 Header

CVE-2021-21409 MEDIUM

Netty < 4.1.61 - HTTP Request Smuggling via Single Http2HeaderFrame

CVE-2021-21295 MEDIUM

Netty < 4.1.60 - HTTP Request Smuggling via HTTP/2 to HTTP/1.1 Conversion

CVE-2021-20220 MEDIUM

Undertow < 2.0.34 and 2.1.0-2.1.6 - HTTP Request Smuggling via Invalid Character Handling

CVE-2021-23339 MEDIUM

Akka-http-core <10.1.14, 10.2.0-10.2.4 - SSRF

CVE-2021-23336 MEDIUM

Python/cpython <3.6.13, <3.7.10, <3.8.8, <3.9.2 - Web Cache Poisoning

CVE-2021-21299 MEDIUM

hyper 0.12.0-0.13.9 and 0.14.0-0.14.2 - HTTP Request Smuggling via Transfer-Encoding Header Mismanagement

CVE-2021-22293 HIGH

Huawei CampusInsight V100R019C10 - HTTP Request Smuggling

CVE-2021-25762 MEDIUM

JetBrains Ktor < 1.4.3 - HTTP Request Smuggling

CVE-2021-21445 MEDIUM

SAP Commerce Cloud 1808, 1811, 1905, 2005, 2011 - HTTP Response Smuggling via Content Type Header

CVE-2020-25097 HIGH

Squid 2.0-4.13 and 5.0-5.0.4 - HTTP Request Smuggling via uri_whitespace Configuration

CVE-2020-28483 HIGH

gin-gonic/gin - HTTP Request Smuggling via X-Forwarded-For Header

CVE-2020-28473 MEDIUM

bottle < 0.12.19 - Web Cache Poisoning via Parameter Cloaking

CVE-2020-17509 HIGH

Apache Traffic Server <8.1.0 - Cache Poisoning

CVE-2020-8287 MEDIUM

Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - SSRF

Previous Page 10 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy