Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2022-45059 HIGH

Varnish Cache 7.x < 7.1.2 and 7.2.x < 7.2.1 - HTTP Request Smuggling via Hop-by-Hop Header Handling

CVE-2022-42252 HIGH

Apache Tomcat 8.5.0-8.5.82, 9.0.0-M1-9.0.67, 10.0.0-M1-10.0.26, 10.1.0-M1-10.1.0 - HTTP Request Smuggling

CVE-2022-2880 HIGH

Go ReverseProxy - SSRF

CVE-2022-21826 MEDIUM

Ivanti Connect Secure - HTTP Request Smuggling via POST Content-Length Mismanagement

CVE-2022-2466 CRITICAL

Quarkus 2.10.0-2.10.3 - HTTP Request Smuggling via Header Context Mismanagement

CVE-2022-33988 HIGH

dproxy-nexgen - DNS Cache Poisoning via Reused Transaction ID

CVE-2022-1705 MEDIUM

GO < 1.17.12 - HTTP Request Smuggling

CVE-2022-20713 MEDIUM

Cisco Firepower Threat Defense - Cross-Site Scripting via VPN Web Client Services Input Reflection

CVE-2022-25763 HIGH

Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Request Validation

CVE-2022-31109 HIGH

laminas-diactoros < 2.11.1 - HTTP Request Smuggling via X-Forwarded-* Headers

CVE-2022-32215 MEDIUM

llhttp <14.20.1, <16.17.1, <18.9.1 - HTTP Request Smuggling via Multi-line Transfer-Encoding Header

CVE-2022-32214 MEDIUM

llhttp < 2.1.5 - HTTP Request Smuggling via CRLF Sequence Mismanagement

CVE-2022-32213 MEDIUM

llhttp < 2.1.5 - HTTP Request Smuggling via Transfer-Encoding Header

CVE-2022-31081 HIGH

HTTP::Daemon <6.15 - Privilege Escalation

CVE-2022-26377 HIGH

Apache HTTP Server 2.4.0-2.4.53 - HTTP Request Smuggling via mod_proxy_ajp

CVE-2022-29361 CRITICAL

Werkzeug < 2.1.0 - HTTP Request Smuggling via Crafted Request Body

CVE-2022-0552 MEDIUM

origin-aggregated-logging 3.11 - HTTP Request Smuggling via Incomplete Netty Codec Fix

CVE-2022-24801 HIGH

Twisted < 22.4.0 - HTTP Request Smuggling via Non-Conformant HTTP Request Parsing

CVE-2022-24790 CRITICAL

Puma < 4.3.12 and 5.0.0-5.6.4 - HTTP Request Smuggling via Proxy Request Parsing Discrepancy

CVE-2022-24766 CRITICAL

mitmproxy < 7.0.4 and >=8.0.0 - HTTP Request Smuggling

CVE-2022-24761 HIGH

Waitress < 2.1.1 - HTTP Request Smuggling via Invalid HTTP Request Parsing

CVE-2022-22720 CRITICAL

Apache HTTP Server < 2.4.52 - HTTP Request Smuggling via Inbound Connection Handling

CVE-2022-22536 CRITICAL KEV

SAP Content Server 7.53 - Unauthenticated HTTP Request Smuggling

CVE-2022-22532 CRITICAL

SAP NetWeaver Application Server Java - Memory Corruption

CVE-2022-23959 CRITICAL

Varnish Cache HTTP Request Smuggling (6.6.2, 7.0.2, 6.0.10, 4.1.11r6, 6.0.9r4)

Previous Page 8 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy