June 29, 2022 - Common Weakness Enumeration (CWE) is a list of software weaknesses.

CWE (Common weakness enumeration) 444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Security-Database help your corporation foresee and avoid any security risks that may impact your IT infrastructure and business applications.

October 31, 2022 - Description of CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities ...

vulnerabilityhistory.org · 2023 Copyright. All Rights Reserved. Privacy Policy

September 21, 2023 - Number one vulnerability management and threat intelligence platform documenting and explaining vulnerabilities since 1970.

May 15, 2023 - In this section, we'll explain HTTP request smuggling attacks and describe how common request smuggling vulnerabilities can arise. Labs If you're already ...

July 29, 2023 - This is a potential security issue, you are being redirected to https://nvd.nist.gov · Official websites use .gov A .gov website belongs to an official government organization in the United States

Topic Date Author Low SAP Web Dispatcher HTTP Request Smuggling 08.05.2022 Yvan Genuer Low Citrix Gateway 11.1 / 12.0 / 12.1 Cache Bypass 09.03.2020 Micha Borrmann · CVEMAP Search Results

7 8 9 10 11 12 13 14 15 16 17 18 ... 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 ...

May 26, 2023 - HTTP request smuggling (HRS) is a security exploit on the HTTP protocol that takes advantage of an inconsistency between the interpretation of Content-Length and Transfer-Encoding headers between HTTP server implementations in an HTTP proxy server chain. It was first documented in 2005 by Linhart ...

March 22, 2023 - The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. Each individual CWE represents a single vulnerability type.

Common Vulnerability Exposure most recent entries

May 20, 2022 - Web application security scans have indicated a potential security weakness when ACOS ADCs are used with some backend web servers. Referred to as HTTP Request Smuggling, this weakness is described in CWE-444 [1] and is addressed in this document.

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server

July 7, 2021 - WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request. See CWE-444 in detail.

July 30, 2021 - I had a scan run against redmine:4.1.1-passenger image and it was reported that the above CWE was found. Any ideas on how to correct or fix?