Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2025-31958 LOW

HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

CVE-2025-65114 HIGH

Apache Traffic Server: Malformed chunked message body allows request smuggling

CVE-2025-12811 MEDIUM

Delinea Cloud Suite - HTTP Request Smuggling

CVE-2025-55018 MEDIUM

Fortinet FortiOS 7.6.0, 7.4.0-7.4.9, 7.2.0-7.2.12, 7.0.0-7.0.18, 6.4.3-6.4.15 - HTTP Request Smuggling

CVE-2025-41082 MEDIUM

Altitude Communication Server - SSRF

CVE-2025-69225 MEDIUM

aiohttp < 3.13.3 - HTTP Request Smuggling via Range Header

CVE-2025-69224 MEDIUM

aiohttp < 3.13.3 - HTTP Request Smuggling via Non-ASCII Character Bypass

CVE-2025-12874 MEDIUM

Quest Coexistence Manager for Notes <3.8.2045 - SSRF

CVE-2025-14523 HIGH

Red Hat Enterprise Linux - HTTP Request Smuggling via Duplicate Host Header Handling

CVE-2025-61258 HIGH

Outsystems Platform Server <11.18.1.37828 - DoS

CVE-2025-66373 MEDIUM

Akamai Ghost < 2025-11-17 - HTTP Request Smuggling via Chunked Body Size Mismatch

CVE-2025-12642 CRITICAL

lighttpd 1.4.80 - HTTP Header Smuggling

CVE-2025-11915 MEDIUM

Google Cloud Vertex AI: Partner Models for MaaS - HTTP Request Smuggling via Proxy Desynchronization

CVE-2025-55315 CRITICAL

ASP.NET Core 2.3.0-2.3.5 - HTTP Request Smuggling via Inconsistent Request Interpretation

CVE-2025-61884 HIGH KEV

Oracle Configurator 12.2.3-12.2.14 - Unauthenticated CRLF Injection via Runtime UI

CVE-2025-59822 HIGH

http4s < 0.23.31 - HTTP Request Smuggling via Trailer Header Mishandling

CVE-2025-6999 MEDIUM

WatchGuard Fireware OS <12.11.2 - XSS

CVE-2025-56266 CRITICAL

Avigilon Access Control Manager 7.10.0.20 - Remote Code Execution via Host Header Injection

CVE-2025-58056 HIGH

Netty < 4.1.125 - HTTP Request Smuggling via Inconsistent Chunked Transfer Encoding

CVE-2025-58068 CRITICAL

eventlet < 0.40.3 - HTTP Request Smuggling via WSGI Trailer Handling

CVE-2025-54142 MEDIUM

Akamai Ghost <2025-07-21 - HTTP Request Smuggling

CVE-2025-32094 MEDIUM

Akamai Ghost < 2025-03-26 - HTTP Request Smuggling via Obsolete Line Folding

CVE-2025-52892 MEDIUM

EspoCRM < 9.1.7 - Denial of Service via Double Slash URL Path

CVE-2025-53643 HIGH

AIOHTTP <3.12.14 - Request Smuggling

CVE-2025-53628 HIGH

cpp-httplib <0.20.1 - Memory Corruption

Previous Page 3 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy