CWE-444 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')) — Vulnerability Class 160

160 vulnerabilities classified as CWE-444 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-0752 | Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access | 7.1 | High | 2025-01-28 |
| CVE-2024-12397 | Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling | 7.4 | High | 2024-12-12 |
| CVE-2024-53008 | HAProxy security vulnerability — HAProxy 2.6 | 5.3 (AI) | Medium (AI) | 2024-11-28 |
| CVE-2024-9666 | Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability | 4.7 | Medium | 2024-11-25 |
| CVE-2024-52304 | aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions — aiohttp | 7.5 | - | 2024-11-18 |
| CVE-2023-4639 | Undertow: cookie smuggling/spoofing — Migration Toolkit for Runtimes 1 on RHEL 8 | 7.4 | High | 2024-11-17 |
| CVE-2024-8912 | HTTP Request Smuggling in Looker — Looker | 8.2 (AI) | High (AI) | 2024-10-11 |
| CVE-2024-9622 | Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4 | 5.3 | Medium | 2024-10-08 |
| CVE-2024-42342 | Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') — QueueMetrics | 4.3 | Medium | 2024-09-08 |
| CVE-2024-41671 | twisted.web has disordered HTTP pipeline response — twisted | 8.3 | High | 2024-07-29 |
| CVE-2023-38522 | Apache Traffic Server: Incomplete field name check allows request smuggling — Apache Traffic Server | 5.3 | - | 2024-07-26 |
| CVE-2024-35161 | Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling — Apache Traffic Server | 5.3 | - | 2024-07-26 |
| CVE-2016-15039 | mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling — phpLDAPadmin | 6.3 | Medium | 2024-07-11 |
| CVE-2024-22279 | GoRouter Denial of Service Attack — Routing Release | 5.9 | Medium | 2024-06-10 |
| CVE-2024-23316 | PingAccess HTTP Request Desynchronization Weakness — PingAccess | 7.5 | - | 2024-05-31 |
| CVE-2024-34350 | Next.js Vulnerable to HTTP Request Smuggling — next.js | 7.5 | High | 2024-05-09 |
| CVE-2024-32638 | Apache APISIX: Forward-Auth Request Smuggling — Apache APISIX | 9.1 | - | 2024-05-02 |
| CVE-2024-1135 | HTTP Request Smuggling in benoitc/gunicorn — benoitc/gunicorn | 8.2 | - | 2024-04-16 |
| CVE-2024-27922 | HTTP Handling Vulnerability in the Bare server — bare-server-node | 9.8 | Critical | 2024-03-06 |
| CVE-2024-23452 | Apache bRPC: HTTP request smuggling vulnerability — Apache bRPC | 8.2 | - | 2024-02-08 |
| CVE-2024-23829 | aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators — aiohttp | 6.5 | Medium | 2024-01-29 |
| CVE-2023-51701 | @fastify-reply-from JSON Content-Type parsing confusion — fastify-reply-from | 5.3 | Medium | 2024-01-08 |
| CVE-2024-21647 | HTTP Request/Response Smuggling in puma — puma | 5.9 | Medium | 2024-01-08 |
| CVE-2023-49584 | Client-Side Desynchronization vulnerability in SAP Fiori Launchpad — SAP Fiori Launchpad | 4.3 | Medium | 2023-12-12 |
| CVE-2023-46589 | Apache Tomcat: HTTP request smuggling via malformed trailer headers — Apache Tomcat | 7.5 | - | 2023-11-28 |
| CVE-2023-46121 | Generic Extractor MITM Vulnerability in yt-dlp — yt-dlp | 5.0 | Medium | 2023-11-14 |
| CVE-2023-47627 | Request smuggling in aiohttp — aiohttp | 5.3 | Medium | 2023-11-14 |
| CVE-2023-47641 | Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp — aiohttp | 3.4 | Low | 2023-11-14 |
| CVE-2023-46846 | Squid: request/response smuggling in http/1.1 and icap | 9.3 | Critical | 2023-11-03 |
| CVE-2023-46137 | twisted.web has disordered HTTP pipeline response — twisted | 5.3 | Medium | 2023-10-25 |

Vulnerabilities classified as CWE-444 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')) represent 160 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.