CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444
CVE-2020-5129 HIGH
SonicWall SMA1000 Firmware < 12.1.0-06411 - Unauthenticated Denial of Service via HTTP Extraweb Server
CVSS 7.5
CVE-2020-1944 CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling
CVSS 9.8
CVE-2020-10109 CRITICAL
Twisted Web < 19.10.0 - HTTP Request Smuggling via Content-Length and Chunked Encoding
CVSS 9.8
CVE-2020-10108 CRITICAL
Twisted Web < 19.10.0 - HTTP Request Smuggling via Dual Content-Length Headers
CVSS 9.8
CVE-2020-10112 MEDIUM
Citrix Gateway 11.1, 12.0, 12.1 - Cache Poisoning
CVSS 5.4
CVE-2020-10111 HIGH
Citrix Gateway 11.1, 12.0, 12.1 - HTTP Request Smuggling
CVSS 7.5
CVE-2020-5401 MEDIUM
Cloud Foundry Routing Release < 0.197.0 - Denial of Service via Invalid Header Caching
CVSS 5.3
CVE-2020-1935 MEDIUM
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.30 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
CVSS 4.8
CVE-2020-5220 MEDIUM
Sylius ResourceBundle 1.3.0-1.3.12, 1.4.0-1.4.5, 1.5.0, 1.6.0-1.6.2 - Data Exposure via Serialization Group HTTP Header
CVSS 4.4
CVE-2020-5218 MEDIUM
Sylius 1.3.0-1.3.12 - Inconsistent Interpretation of HTTP Requests via _channel_code Parameter
CVSS 4.4
CVE-2020-5207 MEDIUM
Ktor < 1.3.0 - HTTP Request Smuggling via Header Parsing Inconsistency
CVSS 5.4
CVE-2020-7238 HIGH
Netty 4.1.43.Final - HTTP Request Smuggling via Transfer-Encoding Whitespace
CVSS 7.5
CVE-2019-17567 MEDIUM
Apache HTTP Server 2.4.6-2.4.46 - HTTP Request Smuggling via mod_proxy_wstunnel
CVSS 5.3
CVE-2019-19326 MEDIUM
Silverstripe CMS < 4.4.4 - Web Cache Poisoning
CVSS 5.9
CVE-2019-20866 MEDIUM
Mattermost Server < 5.12.0 - HTTP Request Smuggling via Proxy Header Mishandling
CVSS 5.3
CVE-2019-17565 CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling via Chunked Encoding
CVSS 9.8
CVE-2019-17559 CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling via Scheme Parsing
CVSS 9.8
CVE-2019-19223 HIGH
D-Link DSL-2680 Firmware EU_1.03 - Unauthenticated Denial of Service via Reboot Request
CVSS 7.5
CVE-2019-17569 MEDIUM
Apache Tomcat 7.0.98-7.0.99, 8.5.48-8.5.50, 9.0.28-9.0.30 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
CVSS 4.8
CVE-2019-15605 CRITICAL
Node.js 10.0.0-10.18.9, 13.0.0-13.7.0 - HTTP Request Smuggling via Malformed Transfer-Encoding
CVSS 9.8
CVE-2019-20445 CRITICAL
Netty < 4.1.44 - HTTP Request Smuggling via Duplicate Content-Length Header
CVSS 9.1
CVE-2019-20444 CRITICAL
Netty < 4.1.44 - HTTP Request Smuggling via Malformed HTTP Header
CVSS 9.1
CVE-2019-16792 HIGH
Waitress < 1.4.0 - HTTP Request Smuggling via Double Content-Length Header
CVSS 7.1
CVE-2019-20372 MEDIUM
NGINX < 1.17.7 - HTTP Request Smuggling via error_page Configuration
CVSS 5.3
CVE-2019-16789 HIGH
Waitress < 1.4.0 - HTTP Request Smuggling
CVSS 7.1