Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2024-52304 HIGH

aiohttp <3.10.11 - Request Smuggling

CVE-2024-52530 HIGH

GNOME libsoup < 3.6.0 - HTTP Request Smuggling via Null Byte in Header Names

CVE-2024-49768 CRITICAL

Waitress 2.0.0-3.0.0 - Time-of-check Time-of-use Race Condition via HTTP Pipelining

CVE-2024-44775 HIGH

kmqtt 0.2.7 - Denial of Service via Crafted MQTT CONNECT Packet

CVE-2024-21281 MEDIUM

Oracle Banking Liquidity Management 14.7.0.6.0 - HTTP Request Smuggling

CVE-2024-8912 HIGH

Google Cloud Looker 23.12-23.12.122 - Unauthenticated HTTP Request Smuggling

CVE-2024-9622 MEDIUM

resteasy-netty4-cdi - Denial of Service via HTTP Request Smuggling

CVE-2024-8925 LOW

PHP 8.1.0-8.1.29 - HTTP Request Smuggling via Multipart Form Data Parsing

CVE-2024-34535 MEDIUM

Mastodon < 4.1.16 - HTTP Request Smuggling via Crafted Header

CVE-2024-45614 MEDIUM

Puma < 5.6.9 - Authorization Bypass via Underscore Header Clobbering

CVE-2024-42342 MEDIUM

Loway QueueMetrics 22.11.6-24.05.5 - HTTP Request Smuggling

CVE-2024-27185 CRITICAL

Joomla Pagination - Cache Poisoning

CVE-2024-35538 MEDIUM

Typecho 1.3.0 - Client IP Spoofing via X-Forwarded-For or Client-Ip Headers

CVE-2024-41671 HIGH

Twisted < 24.7.0rc1 - HTTP Request Smuggling via Pipelined Request Mismanagement

CVE-2024-35161 HIGH

Apache Traffic Server 8.0.0-8.1.10 and 9.0.0-9.2.4 - HTTP Request Smuggling via Malformed Chunked Trailer

CVE-2024-41110 CRITICAL

Docker 19.03.0-27.1.0 - Authorization Bypass via API Request Body Omission

CVE-2024-38494 HIGH

Broadcom Symantec PAM 3.4.6 and 4.1.0-4.1.7 - Authenticated Remote Command Execution

CVE-2024-22279 MEDIUM

Cloud Foundry <0.297.0 - DoS

CVE-2024-23326 MEDIUM

Envoy < 1.27.6 - Request Smuggling via Incorrect Protocol Upgrade Handling

CVE-2024-23316 HIGH

Ping Identity PingAccess <8.0.1 - Open Redirect

CVE-2024-34350 HIGH

Next.js 13.4.0-13.5.0 - HTTP Request Smuggling via Rewrites Feature

CVE-2024-27982 MEDIUM

Node < 18.20.1, 19.x, < 20.12.1, < 21.7.2 - HTTP Request Smuggling via Malformed Content-Length Header

CVE-2024-32638 MEDIUM

Apache APISIX 3.8.0-3.9.0 - HTTP Request Smuggling via Forward-Auth Plugin

CVE-2024-21088 HIGH

Oracle E-Business Suite 12.2.4-12.2.12 - Unauthenticated HTTP Request Smuggling in Import Utility

CVE-2024-1135 HIGH

Gunicorn < 22.0.0 - HTTP Request Smuggling via Transfer-Encoding Header Mismanagement

Previous Page 5 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy