Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2020-35884 MEDIUM

tiny-http < 0.8.0 - HTTP Request Smuggling via Malformed Transfer-Encoding Header

CVE-2020-35863 CRITICAL

hyper < 0.12.34 - HTTP Request Smuggling

CVE-2020-26281 MEDIUM

async-h1 <2.3.0 - Request Smuggling

CVE-2020-28361 MEDIUM

Kamailio < 5.4.0 - HTTP Request Smuggling via Whitespace Bypass in remove_hf Function

CVE-2020-26129 MEDIUM

JetBrains Ktor < 1.4.1 - HTTP Request Smuggling

CVE-2020-7764 MEDIUM

find-my-way <2.2.5 & 3.0.0-3.0.5 - DoS

CVE-2020-25613 HIGH

Ruby WEBrick < 1.6.0 - HTTP Request Smuggling via Transfer-Encoding Header

CVE-2020-10687 MEDIUM

Undertow < 2.2.0.Final - HTTP Request Smuggling via Invalid Characters in HTTP Request

CVE-2020-8201 HIGH

Node.js < 12.18.4-14.11 - Open Redirect

CVE-2020-15810 MEDIUM

Squid < 4.13 and 5.x < 5.0.4 - HTTP Request Smuggling via Relaxed Header Parsing

CVE-2020-9490 HIGH

Apache HTTP Server 2.4.20-2.4.43 - Denial of Service via Crafted Cache-Digest Header

CVE-2020-11993 HIGH

Apache HTTP Server 2.4.20-2.4.43 - HTTP Request Smuggling via HTTP/2 Module Logging

CVE-2020-15049 CRITICAL

Squid < 4.12 and 5.x < 5.0.3 - HTTP Request Smuggling via Content-Length Header

CVE-2020-7671 HIGH

goliath < 1.0.6 - HTTP Request Smuggling via Duplicate Content-Length Header

CVE-2020-7670 HIGH

agoo < 2.14.0 - HTTP Request Smuggling via Incorrect Content-Length and Transfer Encoding Parsing

CVE-2020-7659 HIGH

reel < 0.6.1 - HTTP Request Smuggling via Content-Length and Transfer Encoding Header Parsing

CVE-2020-10719 MEDIUM

Undertow < 2.1.1 - HTTP Request Smuggling via Invalid Chunk Size Handling

CVE-2020-7658 MEDIUM

meinheld < 1.0.2 - HTTP Request Smuggling via Incorrect Header Parsing

CVE-2020-11077 MEDIUM

Puma 3.0.0-3.12.5 - HTTP Request Smuggling via Proxy Connection Reuse

CVE-2020-11076 HIGH

Puma 3.0.0-3.12.5 and 4.0.0-4.3.3 - HTTP Request Smuggling via Invalid Transfer-Encoding Header

CVE-2020-7655 MEDIUM

netius < 1.17.58 - HTTP Request Smuggling via Transfer-Encoding Header Parsing

CVE-2020-11506 HIGH

GitLab 10.7.0-12.9.2 - Exposure of Sensitive Information via Workhorse Request Smuggling

CVE-2020-11505 HIGH

GitLab < 12.7.9, 12.8.x < 12.8.9, 12.9.x < 12.9.3 - Exposure of Sensitive Information via Workhorse Request Smuggling

CVE-2020-11724 HIGH

OpenResty < 1.15.8.4 - HTTP Request Smuggling via ngx.location.capture API

CVE-2020-7611 CRITICAL

Micronaut < 1.2.11 and 1.3.0-1.3.2 - HTTP Request Header Injection

Previous Page 11 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy