Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2024-24795 MEDIUM

Apache HTTP Server 2.4.0-2.4.58 - HTTP Response Splitting via Malicious Response Headers

CVE-2024-27922 CRITICAL

TOMP Bare Server < 2.0.2 - HTTP Request Smuggling

CVE-2024-22081 CRITICAL

Espec G5 <1.1.4.15 - Memory Corruption

CVE-2024-27439 MEDIUM

Apache Wicket <9.16.0 - Auth Bypass

CVE-2024-20915 MEDIUM

Oracle Application Object Library 12.2.3-12.2.13 - Unauthenticated Partial Denial of Service via HTTP Request Smuggling

CVE-2024-23452 HIGH

Apache bRPC 0.9.5-1.7.0 - HTTP Request Smuggling via Transfer-Encoding and Content-Length Header

CVE-2024-23829 MEDIUM

aiohttp < 3.9.2 - HTTP Request Smuggling via Inconsistent HTTP Parser Validation

CVE-2024-21647 MEDIUM

Puma < 5.6.8 and 6.0.0-6.4.2 - HTTP Request Smuggling via Chunked Transfer Encoding

CVE-2023-53878 HIGH

Member Login Script 3.3 - HTTP Request Smuggling via Content-Length Header Parsing

CVE-2023-29476 CRITICAL

Menlo On-Premise Appliance <2.88 - Info Disclosure

CVE-2023-4639 HIGH

Undertow Cookie Parsing - HttpOnly Cookie Exfiltration and Spoofing

CVE-2023-38522 HIGH

Apache Traffic Server <8.1.10, <9.2.4 - SSRF

CVE-2023-50811 MEDIUM

SELESTA Visual Access Manager 4.38.6 - Unauthenticated Access Control Bypass via Parameter Manipulation

CVE-2023-51747 HIGH

Apache James <3.8.1-3.7.5 - SMTP Smuggling

CVE-2023-52354 HIGH

chasquid < 1.13 - SMTP Smuggling via LF-Terminated Lines

CVE-2023-51701 MEDIUM

fastify/reply-from < 9.6.0 - HTTP Request Smuggling via Malformed Content-Type Header

CVE-2023-49584 MEDIUM

SAP Fiori launchpad - HTTP Request Smuggling via POST on Read-Only Service

CVE-2023-46589 HIGH

Apache Tomcat <11.0.0-M10 - Request Smuggling

CVE-2023-48365 CRITICAL KEV

Qlik Sense Enterprise for Windows - Unauthenticated Remote Code Execution via HTTP Request Tunneling

CVE-2023-46121 MEDIUM

yt-dlp <2023.11.14 - Cookie Exfiltration via Generic Extractor Proxy Injection

CVE-2023-47641 LOW

aiohttp < 3.8.0 - HTTP Request Smuggling via Inconsistent Content-Length and Transfer-Encoding Handling

CVE-2023-47627 MEDIUM

aiohttp < 3.8.6 - HTTP Request Smuggling via Header Parsing

CVE-2023-46846 CRITICAL

Squid 2.6-6.4 - HTTP Request Smuggling via Chunked Decoder Lenience

CVE-2023-46137 MEDIUM

Twisted <23.10.0rc1 - Info Disclosure

CVE-2023-30910 MEDIUM

HPE MSA 1060/2060/2062 Storage Firmware < IN210R004 - HTTP Request Smuggling

Previous Page 6 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy