Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-444 (HTTP请求的解释不一致性(HTTP请求私运)) — Vulnerability Class 160

160 vulnerabilities classified as CWE-444 (HTTP请求的解释不一致性(HTTP请求私运)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2022-22532 SAP多个产品环境问题漏洞 — SAP NetWeaver Application Server Java 9.8 -2022-02-09
CVE-2021-43797 HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling — netty 6.5 Medium2021-12-09
CVE-2021-41267 Webcache Poisoning in Symfony — symfony 6.5 Medium2021-11-24
CVE-2021-22959 Nodejs Core 环境问题漏洞 — Node 6.5 -2021-11-15
CVE-2021-22960 nodejs 环境问题漏洞 — Node 6.5 -2021-11-03
CVE-2021-41136 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma — puma 3.7 Low2021-10-12
CVE-2021-39214 Lacking Protection against HTTP Request Smuggling in mitmproxy — mitmproxy 8.1 High2021-09-16
CVE-2021-38162 SAP Web dispatcher 环境问题漏洞 — SAP Web Dispatcher 8.9 High2021-09-14
CVE-2021-34559 A vulnerability in WirelessHART-Gateway <= 3.0.8 may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings — WHA-GW-F2D2-0-AS- Z2-ETH 5.4 Medium2021-08-31
CVE-2021-33683 SAP Web Dispatcher 和 Internet Communication Manager 环境问题漏洞 — SAP Web Dispatcher and Internet Communication Manager 5.3 -2021-07-14
CVE-2021-33037 Incorrect Transfer-Encoding handling with HTTP/1.0 — Apache Tomcat 5.3 -2021-07-12
CVE-2021-32715 Lenient Parsing of Content-Length Header When Prefixed with Plus Sign — hyper 3.1 Low2021-07-07
CVE-2021-32565 HTTP Request Smuggling, content length with invalid charters — Apache Traffic Server 7.5 -2021-06-29
CVE-2021-27577 Incorrect handling of url fragment leads to cache poisoning — Apache Traffic Server 7.5 -2021-06-29
CVE-2021-21409 Possible request smuggling in HTTP/2 due missing validation of content-length — netty 5.9 Medium2021-03-30
CVE-2021-21295 Possible request smuggling in HTTP/2 due missing validation — io.netty:netty-codec-http2 5.9 Medium2021-03-09
CVE-2021-20220 Red Hat Undertow 环境问题漏洞 — undertow 6.5 -2021-02-23
CVE-2021-21299 Multiple Transfer-Encoding headers misinterprets request payload — hyper 4.8 Medium2021-02-11
CVE-2020-8287 nodejs 环境问题漏洞 — Node 6.5 -2021-01-06
CVE-2020-26281 request smuggling in async-h1 — async-h1 6.8 Medium2020-12-21
CVE-2020-10687 Red Hat Undertow 环境问题漏洞 — Undertow 4.8 -2020-09-23
CVE-2020-8201 Node.js 环境问题漏洞 — Node 7.4 -2020-09-18
CVE-2020-10719 Red Hat Undertow 环境问题漏洞 — undertow 6.5 Medium2020-05-26
CVE-2020-11077 HTTP Smuggling via Transfer-Encoding Header in Puma — puma 6.8 Medium2020-05-22
CVE-2020-11076 HTTP Smuggling via Transfer-Encoding Header in Puma — puma 7.5 High2020-05-22
CVE-2019-15605 Joyent Node.js 环境问题漏洞 — Node 9.1 -2020-02-07
CVE-2020-5218 Ability in Sylius to switch channels via GET parameter enabled in production environments — Sylius 4.4 Medium2020-01-27
CVE-2020-5220 Ability to expose data in Sylius by using an unintended serialisation group — SyliusResourceBundle 4.4 Medium2020-01-27
CVE-2020-5207 Request smuggling is possible in Ktor when both chunked TE and content length specified — Ktor 5.4 Medium2020-01-27
CVE-2019-16792 HTTP Request Smuggling: Content-Length Sent Twice in Waitress — Waitress 7.1 High2020-01-22

Vulnerabilities classified as CWE-444 (HTTP请求的解释不一致性(HTTP请求私运)) represent 160 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.