CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Description
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-273 · CAPEC-33
CVEs mapped to this weakness (200)
page 1 of 10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1867 | Cri | 0.65 | — | 0.00 | Mar 3, 2025 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3. | ||
| CVE-2018-3907 | Cri | 0.65 | 10.0 | 0.01 | Aug 24, 2018 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the… | ||
| CVE-2017-7658 | Cri | 0.65 | 9.8 | 0.21 | Jun 26, 2018 | In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the… | ||
| CVE-2017-7657 | Cri | 0.65 | 9.8 | 0.16 | Jun 26, 2018 | In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size… | ||
| CVE-2026-41873 | Cri | 0.64 | 9.8 | 0.00 | Apr 28, 2026 | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python… | ||
| CVE-2016-10711 | Cri | 0.64 | 9.8 | 0.03 | Jan 29, 2018 | Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. | ||
| CVE-2023-29476 | Cri | 0.59 | 9.1 | 0.00 | Dec 14, 2024 | In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to intentionally malformed client requests. This is fixed in 2.88.2+, 2.89.1+, and 2.90.1+. | ||
| CVE-2024-41110 | Cri | 0.59 | 9.9 | 0.17 | Jul 24, 2024 | Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base… | ||
| CVE-2026-45372 | Cri | 0.57 | 9.9 | 0.00 | May 29, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check (is_field_value) is run… | ||
| CVE-2024-23316 | Hig | 0.57 | — | 0.01 | May 31, 2024 | HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests. | ||
| CVE-2015-5740 | Cri | 0.57 | 9.8 | 0.04 | Oct 18, 2017 | The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. | ||
| CVE-2015-5739 | Cri | 0.57 | 9.8 | 0.10 | Oct 18, 2017 | The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." | ||
| CVE-2025-41235 | Hig | 0.56 | 8.6 | 0.00 | May 30, 2025 | Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. | ||
| CVE-2024-38494 | Hig | 0.56 | — | 0.01 | Jul 15, 2024 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||
| CVE-2018-3909 | Hig | 0.56 | 8.6 | 0.01 | Aug 24, 2018 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the… | ||
| CVE-2026-23941 | Cri | 0.54 | 9.4 | 0.01 | Mar 13, 2026 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines… | ||
| CVE-2025-14523 | Hig | 0.53 | 8.2 | 0.01 | Dec 11, 2025 | A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to… | ||
| CVE-2017-8894 | Hig | 0.53 | 8.1 | 0.02 | Jul 2, 2017 | AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine. | ||
| CVE-2026-48746 | cri | 0.52 | — | 0.01 | Jun 16, 2026 | ### Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API `AuthenticationMiddleware`, which was discovered during @x41sec's source code audit. It allows to use the API without providing the… | ||
| CVE-2025-43859 | Cri | 0.52 | 9.1 | 0.01 | Apr 24, 2025 | h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since… |
- risk 0.65cvss —epss 0.00
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3.
- risk 0.65cvss 10.0epss 0.01
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the…
- risk 0.65cvss 9.8epss 0.21
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the…
- risk 0.65cvss 9.8epss 0.16
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size…
- risk 0.64cvss 9.8epss 0.00
** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python…
- risk 0.64cvss 9.8epss 0.03
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
- risk 0.59cvss 9.1epss 0.00
In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to intentionally malformed client requests. This is fixed in 2.88.2+, 2.89.1+, and 2.90.1+.
- risk 0.59cvss 9.9epss 0.17
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base…
- risk 0.57cvss 9.9epss 0.00
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check (is_field_value) is run…
- risk 0.57cvss —epss 0.01
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.
- risk 0.57cvss 9.8epss 0.04
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
- risk 0.57cvss 9.8epss 0.10
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
- risk 0.56cvss 8.6epss 0.00
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
- risk 0.56cvss —epss 0.01
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
- risk 0.56cvss 8.6epss 0.01
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the…
- risk 0.54cvss 9.4epss 0.01
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines…
- risk 0.53cvss 8.2epss 0.01
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to…
- risk 0.53cvss 8.1epss 0.02
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.
- risk 0.52cvss —epss 0.01
### Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API `AuthenticationMiddleware`, which was discovered during @x41sec's source code audit. It allows to use the API without providing the…
- risk 0.52cvss 9.1epss 0.01
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since…