VYPR

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Abstraction: Base · Status: Incomplete

Description

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
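The disagreement this description refers to, as an added example that is not code from CWE, from this site, or from any product listed below: three toy HTTP/1.1 request framers in Python are run over the same constructed byte stream. The "cl-first" framer lets Content-Length win when Transfer-Encoding is also present (the precedence error the Starlet entry below describes), the "te-first" framer follows RFC 7230 3.3.3 (now RFC 9112 6.3), and the "strict" framer refuses the ambiguous cases outright, including the duplicate Content-Length and multiple Host headers seen in the libsoup and aiohttp entries. The probe requests, the hostnames and the `/admin` path are constructed for the example.

```python
# Added example for CWE-444; not code from CWE, this site or any product listed
# on this page. Three toy HTTP/1.1 framers applied to the same byte stream.
from __future__ import annotations

from dataclasses import dataclass


class FramingError(ValueError):
    """The framer cannot, or refuses to, delimit the next message."""


@dataclass
class Request:
    start_line: str
    headers: list[tuple[str, str]]  # (lower-cased name, value), wire order
    body: bytes


def _split_head(buf: bytes) -> tuple[str, list[tuple[str, str]], bytes]:
    """Return (start line, header list, bytes after the blank line)."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("incomplete header block")
    lines = head.split(b"\r\n")
    headers = []
    for raw in lines[1:]:
        name, _, value = raw.partition(b":")
        headers.append((name.strip().lower().decode(), value.strip().decode()))
    return lines[0].decode(), headers, rest


def _read_chunked(rest: bytes) -> tuple[bytes, bytes]:
    """Decode a chunked body; return (body, bytes left after the last chunk)."""
    body = b""
    while True:
        size_line, sep, rest = rest.partition(b"\r\n")
        if not sep:
            raise FramingError("incomplete chunk-size line")
        size = int(size_line.split(b";", 1)[0], 16)  # ignore chunk extensions
        if size == 0:  # last chunk; trailer fields are not supported here
            trailer, sep, rest = rest.partition(b"\r\n")
            if not sep or trailer != b"":
                raise FramingError("missing or non-empty trailer section")
            return body, rest
        if len(rest) < size + 2:
            raise FramingError("incomplete chunk data")
        body, rest = body + rest[:size], rest[size + 2:]  # drop chunk CRLF


def frame_requests(stream: bytes, policy: str) -> list[Request]:
    """Split a connection's bytes into requests. "cl-first": Content-Length
    wins when both headers are present (the Starlet entry on this page);
    "te-first": Transfer-Encoding wins (RFC 7230 3.3.3, now RFC 9112 6.3);
    "strict": refuse ambiguous framing outright."""
    requests: list[Request] = []
    while stream:
        start, headers, rest = _split_head(stream)
        cls = [v for n, v in headers if n == "content-length"]
        tes = [v for n, v in headers if n == "transfer-encoding"]
        hosts = [v for n, v in headers if n == "host"]
        if policy == "strict":
            if cls and tes:
                raise FramingError("both Content-Length and Transfer-Encoding")
            if len(cls) > 1:  # the libsoup entry: duplicate/conflicting CL
                raise FramingError(f"duplicate Content-Length: {cls}")
            if len(hosts) != 1:  # the aiohttp entry: multiple Host headers
                raise FramingError(f"{len(hosts)} Host headers")
        if tes and not (policy == "cl-first" and cls):
            if tes[-1].split(",")[-1].strip().lower() != "chunked":
                raise FramingError("final transfer coding is not chunked")
            body, stream = _read_chunked(rest)
        elif cls:
            length = int(cls[0])  # first value wins; other parsers take the last
            if len(rest) < length:
                raise FramingError("incomplete body")
            body, stream = rest[:length], rest[length:]
        else:
            body, stream = b"", rest
        requests.append(Request(start, headers, body))
    return requests


def compare(stream: bytes) -> dict[str, list[str] | str]:
    """Start lines each policy extracts from the stream, or why it refused."""
    out: dict[str, list[str] | str] = {}
    for policy in ("cl-first", "te-first", "strict"):
        try:
            out[policy] = [r.start_line for r in frame_requests(stream, policy)]
        except FramingError as exc:
            out[policy] = f"rejected: {exc}"
    return out


# Constructed probes (not captures); hostnames and /admin are placeholders.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
CL_TE_TAIL = b"0\r\n\r\n" + SMUGGLED  # empty chunked body, then a 2nd request
CL_TE_PROBE = (b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: %d\r\n"
               b"Transfer-Encoding: chunked\r\n\r\n" % len(CL_TE_TAIL) + CL_TE_TAIL)
DUP_CL_PROBE = (b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n"
                b"Content-Length: %d\r\n\r\nhello" % (5 + len(SMUGGLED)) + SMUGGLED)
DUP_HOST_PROBE = b"GET / HTTP/1.1\r\nHost: example.test\r\nHost: evil.test\r\n\r\n"

if __name__ == "__main__":
    for probe in (CL_TE_PROBE, DUP_CL_PROBE, DUP_HOST_PROBE):
        print(compare(probe))
```

Run as a script, the CL.TE probe shows the core of the weakness: the "cl-first" framer sees one POST whose body is the whole tail, while the "te-first" framer sees an empty POST followed by a second request for `/admin`. Put those two on either side of a persistent connection and the intermediary forwards one request while the origin processes two, the second of which is completed by whatever the next client sends. The "strict" policy is what RFC 9112 6.1 permits a server to do with such a message; if an intermediary accepts it anyway, it should at least re-frame the message under one rule before forwarding and close the upstream connection afterwards, which is the RFC's requirement in any case.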

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-273 · CAPEC-33

CVEs mapped to this weakness (200)

page 5 of 10
  • CVE-2026-47676 · Med · May 28, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount() strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This…

  • CVE-2026-40561 · Med · May 3, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must…

  • CVE-2026-34525 · Med · Apr 1, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.

  • CVE-2026-26365 · Med · Feb 23, 2026
    risk 0.26 · cvss 4.0 · epss 0.00

    Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the…

  • CVE-2025-54142 · Med · Aug 29, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain…

  • CVE-2025-32094 · Med · Aug 7, 2025
    risk 0.26 · cvss 4.0 · epss 0.01

    An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two…

  • CVE-2026-44546 · Low · Jun 3, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and…

  • CVE-2026-2708 · Low · Apr 23, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields.…

  • CVE-2025-31958 · Low · Apr 21, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between…

  • CVE-2026-40175 · Med · Apr 10, 2026
    risk 0.24 · cvss 4.8 · epss 0.02

    Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound…

  • CVE-2026-34441 · Med · Mar 31, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive…

  • CVE-2026-50052 · Low · Jun 3, 2026
    risk 0.15 · cvss n/a · epss 0.00

    In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass, or possibly even information…

  • CVE-2026-4742 · Low · Mar 24, 2026
    risk 0.12 · cvss n/a · epss 0.00

    Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C. This issue affects liteide: before…

  • CVE-2017-12165 · Low · Jul 27, 2018
    risk 0.10 · cvss 2.6 · epss 0.02

    It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

  • CVE-2026-28898 · Low · Jun 12, 2026
    risk 0.07 · cvss n/a · epss 0.00

    swift-nio-http2's HTTP/2-to-HTTP/1.1 codec (`HTTP2FramePayloadToHTTP1ServerCodec` / `HTTP2ToHTTP1ServerCodec`) did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request…

  • CVE-2025-55315 · Oct 14, 2025
    risk 0.03 · cvss n/a · epss 0.66

    Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

  • CVE-2005-2089 · Jul 5, 2005
    risk 0.02 · cvss n/a · epss 0.31

    Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle…

  • CVE-2005-2088 · Jul 5, 2005
    risk 0.02 · cvss n/a · epss 0.20

    The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header…

  • CVE-2022-2466 · Aug 31, 2022
    risk 0.01 · cvss n/a · epss 0.01

    It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.

  • CVE-2019-20444 · Jan 29, 2020
    risk 0.01 · cvss n/a · epss 0.09

    HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."