Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2023-41265 CRITICAL KEV

Qlik Sense Enterprise for Windows <= May 2023 Patch 3 - HTTP Request Tunneling

CVE-2023-40175 HIGH

Puma < 5.6.7 - HTTP Request Smuggling via Chunked Transfer Encoding or Zero-Length Content-Length

CVE-2023-40225 HIGH

HAProxy < 2.0.32, 2.1.x-2.2.30, 2.3.x-2.4.23, 2.5.x-2.6.14, 2.7.x-2.7.9, 2.8.x-2.8.1 - HTTP Request Smuggling

CVE-2023-33934 CRITICAL

Apache Traffic Server <9.2.1 - Info Disclosure

CVE-2023-38697 MEDIUM

socketry/protocol-http1 < 0.15.1 - HTTP Request Smuggling via Malformed Chunk Encoding

CVE-2023-34037 MEDIUM

VMware Horizon Server - HTTP Smuggling

CVE-2023-35944 HIGH

Envoy <1.27.0-1.23.12 - Info Disclosure

CVE-2023-37276 MEDIUM

aiohttp < 3.8.5 - HTTP Request Smuggling via llhttp Parser

CVE-2023-33987 HIGH

SAP Web Dispatcher <7.90 - Unauthenticated RCE

CVE-2023-26137 HIGH

drogon - HTTP Response Splitting via addHeader and addCookie Functions

CVE-2023-33193 CRITICAL

emby.releases < 4.7.0.12 - HTTP Request Smuggling via Header Spoofing

CVE-2023-27238 CRITICAL

LavaLite CMS 9.0.0 - Web Cache Poisoning

CVE-2023-25950 HIGH

HAProxy 2.6.1-2.6.7 and 2.7.0 - HTTP Request Smuggling

CVE-2023-27493 HIGH

Envoy < 1.22.9 - HTTP Request Smuggling via Unsanitized Request Headers

CVE-2023-27491 MEDIUM

envoyproxy/envoy < 1.22.9 - HTTP Request Smuggling via Malformed Request Lines

CVE-2023-29141 CRITICAL

MediaWiki <1.35.10, <1.36, <1.38.6, <1.39.3 - Info Disclosure

CVE-2023-27522 HIGH

Apache HTTP Server 2.4.30-2.4.55 - HTTP Response Smuggling via mod_proxy_uwsgi Origin Response Header

CVE-2023-25690 CRITICAL

Apache HTTP Server 2.4.0-2.4.55 - HTTP Request Smuggling via mod_proxy RewriteRule

CVE-2023-25725 CRITICAL

HAProxy < 2.0.31 - HTTP Request Smuggling via Empty Header Field Names

CVE-2023-23691 HIGH

Dell PowerVault ME5012, ME5024, and ME5084 Firmware < ME5.1.1.0.5 - Unauthenticated HTTP Request Smuggling

CVE-2022-39163 MEDIUM

IBM Cognos Controller 11.0.0-11.1.0 - Client-Side Desync via HTTP Request Smuggling

CVE-2022-36760 CRITICAL

Apache HTTP Server 2.4.0-2.4.54 - HTTP Request Smuggling via mod_proxy_ajp

CVE-2022-41721 HIGH

Go net/http MaxBytesHandler - HTTP/2 Request Smuggling

CVE-2022-35256 MEDIUM

Node.js 14.0.0-14.13.1, 14.15.0-14.20.0 and llhttp < 6.0.10 - HTTP Request Smuggling via Header Field Parsing

CVE-2022-38114 MEDIUM

SolarWinds Security Event Manager - HTTP Request Smuggling and XSS

Previous Page 7 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy