Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2019-16786 HIGH

Waitress < 1.4.0 - HTTP Request Smuggling via Transfer-Encoding Header Mishandling

CVE-2019-16785 HIGH

Waitress < 1.4.0 - HTTP Request Smuggling via Inconsistent CRLF Parsing

CVE-2019-18678 MEDIUM

Squid 3.0-4.8 - HTTP Request Smuggling via Header Whitespace

CVE-2019-18277 HIGH

HAProxy < 2.0.6 - HTTP Request Smuggling via Transfer-Encoding Header

CVE-2019-15272 MEDIUM

Cisco Unified Communications Manager - HTTP Request Smuggling via Malformed HTTP Methods

CVE-2019-16276 HIGH

Go <1.12.10, <1.13.1 - Server-Side Request Forgery

CVE-2019-16869 HIGH

Netty <4.1.42 - HTTP Request Smuggling

CVE-2019-1020012 HIGH

parse-server < 3.4.1 - Denial of Service via POST to Volatile Class

CVE-2019-0197 MEDIUM

Apache HTTP Server 2.4.34-2.4.38 - Denial of Service via HTTP/2 Upgrade Request

CVE-2018-21245 CRITICAL

Pound < 2.8 - HTTP Request Smuggling

CVE-2018-4030 HIGH

CUJO Smart Firewall 7003 - HTTP Request Smuggling via Host Header Parsing

CVE-2018-8004 MEDIUM

Apache Traffic Server <6.2.2, <7.1.3 - SSRF

CVE-2018-3908 HIGH

Samsung STH-ETH-250 Firmware 0.20.17 - HTTP Request Smuggling via Pipelined Requests

CVE-2018-3909 HIGH

Samsung STH-ETH-250 Firmware 0.20.17 - HTTP Request Smuggling via Pipelined Requests

CVE-2018-3907 CRITICAL

Samsung STH-ETH-250 Firmware 0.20.17 - HTTP Request Smuggling via Pipelined Requests

CVE-2018-7068 MEDIUM

HPE CentralView Fraud Risk Management < 6.1 - HTTP Request Smuggling via HOST Header

CVE-2017-12165 LOW

Undertow <1.4.17, <1.3.31, <2.0.0 - HTTP Request Smuggling

CVE-2017-2666 MEDIUM

Undertow < 1.3.31 - HTTP Request Smuggling via Invalid Request Line Characters

CVE-2017-7658 CRITICAL

Eclipse Jetty Server <9.2.x-9.4.x - Info Disclosure

CVE-2017-7657 CRITICAL

Eclipse Jetty <9.2.x, 9.3.x - Buffer Overflow

CVE-2017-7656 HIGH

Eclipse Jetty <9.2 - HTTP/0.9 Handling

CVE-2017-7559 MEDIUM

Undertow <2.0.0.Alpha2,<1.4.17.Final,<1.3.31.Final - SSRF

CVE-2017-12158 MEDIUM

Keycloak - Reflected XSS

CVE-2017-15643 HIGH

IKARUS Anti Virus 2.16.7 - Remote Code Execution via HTTP Update Response Manipulation

CVE-2017-7561 HIGH

Red Hat JBoss EAP 3.0.7-3.0.25.Final - Server-Side Cache Poisoning via JAX-RS Component

Previous Page 13 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy