VYPR

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Base · Incomplete

Description

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-273 · CAPEC-33

CVEs mapped to this weakness (200)

page 7 of 10
  • CVE-2024-29643 · Apr 18, 2025
    risk 0.00 · cvss · epss 0.00

    An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.

  • CVE-2025-1386 · Apr 11, 2025
    risk 0.00 · cvss · epss 0.00

    When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream.

  • CVE-2024-52304 · Nov 18, 2024
    risk 0.00 · cvss · epss 0.01

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of…

  • CVE-2024-49768 · Oct 29, 2024
    risk 0.00 · cvss · epss 0.01

    Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more…

  • CVE-2024-47220 · Sep 22, 2024
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's…

  • CVE-2024-45614 · Sep 19, 2024
    risk 0.00 · cvss · epss 0.01

    Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables are…

  • CVE-2024-34350 · May 9, 2024
    risk 0.00 · cvss · epss 0.01

    Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to…

  • CVE-2024-27922 · Mar 6, 2024
    risk 0.00 · cvss · epss 0.01

    TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic.…

  • CVE-2024-23829 · Jan 29, 2024
    risk 0.00 · cvss · epss 0.01

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to…

  • CVE-2023-52354 · Jan 22, 2024
    risk 0.00 · cvss · epss 0.00

    chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted.

  • CVE-2023-51701 · Jan 8, 2024
    risk 0.00 · cvss · epss 0.00

    fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing a header `ContentType: application/json ; charset=utf-8`. This can lead to…

  • CVE-2024-21647 · Jan 8, 2024
    risk 0.00 · cvss · epss 0.01

    Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions.…

  • CVE-2023-46589 · Nov 28, 2023
    risk 0.00 · cvss · epss 0.03

    Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header…

  • CVE-2023-46121 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.00

    yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead…

  • CVE-2023-47627 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.01

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt…

  • CVE-2023-47641 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.01

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and…

  • CVE-2023-46137 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled…

  • CVE-2023-40175 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.01

    Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is…

  • CVE-2023-38697 · Aug 4, 2023
    risk 0.00 · cvss · epss 0.01

    protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits…

  • CVE-2023-37276 · Jul 19, 2023
    risk 0.00 · cvss · epss 0.01

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This…