CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Description
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-273 · CAPEC-33
CVEs mapped to this weakness (200)
page 9 of 10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32715 | — | 0.00 | — | 0.01 | Jul 7, 2021 | hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't… | ||
| CVE-2021-30180 | — | 0.00 | — | 0.60 | May 31, 2021 | Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable… | ||
| CVE-2021-21409 | 0.00 | — | 0.05 | Mar 30, 2021 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request… | |||
| CVE-2021-21295 | — | 0.00 | — | 0.19 | Mar 9, 2021 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request… | ||
| CVE-2021-20220 | — | 0.00 | — | 0.01 | Feb 23, 2021 | A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a… | ||
| CVE-2021-23339 | — | 0.00 | — | 0.01 | Feb 17, 2021 | This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers. | ||
| CVE-2021-21299 | — | 0.00 | — | 0.05 | Feb 11, 2021 | hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with… | ||
| CVE-2020-28483 | — | 0.00 | — | 0.01 | Jan 20, 2021 | This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header. | ||
| CVE-2020-28473 | — | 0.00 | — | 0.02 | Jan 18, 2021 | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the… | ||
| CVE-2020-35863 | — | 0.00 | — | 0.03 | Dec 31, 2020 | An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface. | ||
| CVE-2020-35884 | — | 0.00 | — | 0.01 | Dec 31, 2020 | An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. | ||
| CVE-2020-26281 | — | 0.00 | — | 0.01 | Dec 21, 2020 | async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server… | ||
| CVE-2020-7764 | — | 0.00 | — | 0.02 | Nov 8, 2020 | This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache… | ||
| CVE-2020-25613 | — | 0.00 | — | 0.04 | Oct 6, 2020 | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy… | ||
| CVE-2020-10687 | — | 0.00 | — | 0.01 | Sep 23, 2020 | A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a… | ||
| CVE-2019-19326 | — | 0.00 | — | 0.01 | Jul 15, 2020 | Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP… | ||
| CVE-2020-7670 | — | 0.00 | — | 0.01 | Jun 10, 2020 | agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is… | ||
| CVE-2020-7671 | — | 0.00 | — | 0.01 | Jun 10, 2020 | goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding… | ||
| CVE-2020-7659 | — | 0.00 | — | 0.01 | Jun 1, 2020 | reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were… | ||
| CVE-2020-10719 | 0.00 | — | 0.01 | May 26, 2020 | A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. |
- CVE-2021-32715Jul 7, 2021risk 0.00cvss —epss 0.01
hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't…
- CVE-2021-30180May 31, 2021risk 0.00cvss —epss 0.60
Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable…
- CVE-2021-21409Mar 30, 2021risk 0.00cvss —epss 0.05
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request…
- CVE-2021-21295Mar 9, 2021risk 0.00cvss —epss 0.19
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request…
- CVE-2021-20220Feb 23, 2021risk 0.00cvss —epss 0.01
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a…
- CVE-2021-23339Feb 17, 2021risk 0.00cvss —epss 0.01
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.
- CVE-2021-21299Feb 11, 2021risk 0.00cvss —epss 0.05
hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with…
- CVE-2020-28483Jan 20, 2021risk 0.00cvss —epss 0.01
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.
- CVE-2020-28473Jan 18, 2021risk 0.00cvss —epss 0.02
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the…
- CVE-2020-35863Dec 31, 2020risk 0.00cvss —epss 0.03
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.
- CVE-2020-35884Dec 31, 2020risk 0.00cvss —epss 0.01
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.
- CVE-2020-26281Dec 21, 2020risk 0.00cvss —epss 0.01
async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server…
- CVE-2020-7764Nov 8, 2020risk 0.00cvss —epss 0.02
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache…
- CVE-2020-25613Oct 6, 2020risk 0.00cvss —epss 0.04
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy…
- CVE-2020-10687Sep 23, 2020risk 0.00cvss —epss 0.01
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a…
- CVE-2019-19326Jul 15, 2020risk 0.00cvss —epss 0.01
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP…
- CVE-2020-7670Jun 10, 2020risk 0.00cvss —epss 0.01
agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is…
- CVE-2020-7671Jun 10, 2020risk 0.00cvss —epss 0.01
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding…
- CVE-2020-7659Jun 1, 2020risk 0.00cvss —epss 0.01
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were…
- CVE-2020-10719May 26, 2020risk 0.00cvss —epss 0.01
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.