VYPR

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

BaseIncomplete

Description

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-273 · CAPEC-33

CVEs mapped to this weakness (200)

page 4 of 10
  • CVE-2025-55018MedFeb 10, 2026
    risk 0.38cvss 5.8epss 0.00

    An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an…

  • CVE-2026-48710MedMay 26, 2026
    risk 0.35cvss 6.5epss 0.01

    Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host`…

  • CVE-2025-47905MedMay 13, 2025
    risk 0.35cvss 5.4epss 0.00

    Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.

  • CVE-2017-12158MedOct 26, 2017
    risk 0.35cvss 5.4epss 0.01

    It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.

  • CVE-2026-50020MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, `HttpObjectDecoder` skips every byte for which `Character.isISOControl(b)` is `true` (0x00–0x1F…

  • CVE-2026-41853MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.00

    Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

  • CVE-2026-49753MedJun 2, 2026
    risk 0.34cvss epss 0.00

    Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser,…

  • CVE-2026-41417MedMay 6, 2026
    risk 0.34cvss 5.3epss 0.00

    Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does…

  • CVE-2026-39805MedMay 1, 2026
    risk 0.34cvss epss 0.01

    Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':get_content_length/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching…

  • CVE-2026-2862MedApr 1, 2026
    risk 0.34cvss 5.3epss 0.00

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to…

  • CVE-2026-1491MedApr 1, 2026
    risk 0.34cvss 5.3epss 0.00

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to…

  • CVE-2026-1760MedFeb 2, 2026
    risk 0.34cvss 5.3epss 0.00

    A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially…

  • CVE-2024-53008MedNov 28, 2024
    risk 0.34cvss 5.3epss 0.01

    Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may…

  • CVE-2024-9622MedOct 8, 2024
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE…

  • CVE-2016-15039MedJul 11, 2024
    risk 0.34cvss 6.3epss 0.00

    A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The…

  • CVE-2026-6338MedJun 11, 2026
    risk 0.32cvss epss 0.00

    A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic.

  • CVE-2026-6324MedMay 29, 2026
    risk 0.31cvss 4.8epss 0.01

    A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or…

  • CVE-2024-9666MedNov 25, 2024
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated…

  • CVE-2026-46342MedJun 12, 2026
    risk 0.28cvss 5.4epss 0.00

    Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /__nuxt_island/* endpoint accepts…

  • CVE-2026-20069MedMar 4, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an…