Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2022-22691 MEDIUM

Umbraco CMS < 9.2.0 - Password Reset Token Disclosure via Host Header Manipulation

CVE-2022-22690 HIGH

Umbraco CMS < 9.2.0 - Persistent URL Overwrite via UmbracoApplicationUrl Manipulation

CVE-2021-46825 CRITICAL

Symantec ASG & ProxySG - Open Redirect

CVE-2021-25220 MEDIUM

Juniper Junos < 19.3 - HTTP Request Smuggling

CVE-2021-41442 HIGH

D-Link DIR-X1860 Firmware < 1.03 - Unauthenticated Denial of Service via HTTP Request Smuggling

CVE-2021-42791 HIGH

VeridiumID VeridiumAD 2.5.3.0 - Unauthenticated Push Notification Spoofing and Certificate Theft

CVE-2021-45468 CRITICAL

Imperva Web Application Firewall < 2021-12-23 - Unauthenticated HTTP Request Smuggling via Gzip Content-Encoding

CVE-2021-41451 HIGH

TP-Link Archer AX10 Firmware < V1_211117 - Unauthenticated HTTP Request Smuggling via HTTP/0.9 Response

CVE-2021-43797 MEDIUM

Netty <4.1.71.Final - HTTP Request Smuggling

CVE-2021-41450 HIGH

TP-Link Archer AX10 v1 Firmware < 211117 - Unauthenticated Denial of Service via HTTP Request Smuggling

CVE-2021-37253 HIGH

M-Files Web < 20.10.9524.1 - Denial of Service via Overlapping HTTP Range Headers

CVE-2021-41267 MEDIUM

Symfony/Http-Kernel - Info Disclosure

CVE-2021-41436 HIGH

ASUS GT-AX11000 < 3.0.0.4.386.45898 - Unauthenticated DoS via HTTP Request Smuggling

CVE-2021-43669 HIGH

Hyperledger Fabric 1.4.0, 2.0.0, 2.0.1, 2.3.0 - Denial of Service via Invalid Order Header

CVE-2021-22959 MEDIUM

llhttp < 2.1.4 - HTTP Request Smuggling via Header Name Parsing

CVE-2021-43610 HIGH

Belle-sip < 5.0.20 - Denial of Service via Invalid From Header in SIP Message

CVE-2021-22960 MEDIUM

llhttp < 2.1.4 and < 6.0.6 - HTTP Request Smuggling via Chunk Extension Parsing

CVE-2021-37147 HIGH

Apache Traffic Server 8.0.0-8.1.2 and 9.0.0-9.1.0 - HTTP Request Smuggling via Header Parsing

CVE-2021-29991 HIGH

Firefox < 91.0.1 - HTTP Request Smuggling via HTTP/3 Header Newline Injection

CVE-2021-41136 LOW

Puma < 4.3.8 and 5.0.0-5.5.1 - HTTP Request Smuggling via LF Character in Forwarded Headers

CVE-2021-41732 HIGH

zeek 4.1.0 - HTTP Request Smuggling

CVE-2021-31923 MEDIUM

PingAccess < 5.3.3 - HTTP Request Smuggling via Header Manipulation

CVE-2021-39214 HIGH

mitmproxy < 7.0.2 - HTTP Request Smuggling via Malicious Client/Server

CVE-2021-38162 HIGH

SAP Web Dispatcher 7.49, 7.53, 7.77, 7.81 - Unauthenticated HTTP Request Smuggling

CVE-2021-34559 MEDIUM

PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 - HTTP Request Smuggling

Previous Page 9 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy