Lucene search

15 matches found

Microsoft CVE
added 2025/10/14 2:0 p.m. | 7 views

ASP.NET Security Feature Bypass Vulnerability

Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...

CVSS 9.9 | AI score 6.9 | EPSS 0.66258
Exploits: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-35250

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00295
Exploits: 0 | References: 1

Cvelist
added 2025/03/03 8:48 a.m. | 41 views

CVE-2025-1867 HTTP Response Smuggling Vulnerability in libhv

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in ithewei libhv allows HTTP Response Smuggling. This issue affects libhv: through 1.3.3...

CVSS 10 | EPSS 0.00356
Exploits: 0 | References: 1

CVE
added 2024/11/28 2:10 a.m. | 730 views

CVE-2024-53008

CVE-2024-53008 is confirmed in multiple advisories affecting HAProxy across Linux distributions (Amazon Linux 2023, EulerOS 2.0 SP12, Photon OS 4, TencentOS Server 4, Astra Linux). The issue is described as an insecure interpretation of HTTP requests (HTTP Request/Response Smuggling) that may all...

CVSS 5.3 | AI score 6.8 | EPSS 0.01043
Exploits: 0 | References: 6

NVD
added 2024/09/08 12:15 p.m. | 32 views

CVE-2024-42342

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...

CVSS 4.3 | EPSS 0.00264
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/08 11:58 a.m. | 15 views

CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...

CVSS 4.3 | AI score 7.2 | EPSS 0.00264
Exploits: 0 | References: 1

Prion
added 2023/11/14 9:15 p.m. | 46 views

Open redirect

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...

CVSS 6.4 | AI score 7 | EPSS 0.00827
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2023/08/22 5:50 p.m. | 124 views

CVE-2023-40175

An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests...

CVSS 7.3 | AI score 8.9 | EPSS 0.00738
Exploits: 0 | References: 4

Vulnrichment
added 2023/08/18 9:35 p.m. | 23 views

CVE-2023-40175 Inconsistent Interpretation of HTTP Requests in puma

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

CVSS 7.3 | AI score 9.3 | EPSS 0.00738
Exploits: 0 | References: 2

Tenable Nessus
added 2022/11/22 12:0 a.m. | 52 views

Oracle Linux 9 : httpd (ELSA-2022-8067)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8067 advisory. - Resolves: 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: 2097032 - CVE-2022-28615 httpd: out-of-bounds read in...

CVSS 9.8 | AI score 7.9 | EPSS 0.90407
Exploits: 2 | References: 11

Tenable Nessus
added 2020/10/05 12:0 a.m. | 29 views

Debian DLA-2391-1 : ruby2.3 security update

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick bundled along with ruby2.3 was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to...

CVSS 7.5 | AI score 7 | EPSS 0.03772
Exploits: 0 | References: 4

BDU FSTEC
added 2020/08/19 12:0 a.m. | 2 views

The vulnerability of the Transfer-Encoding and Content-length headers in reverse proxy and proxy redirection mechanisms of the Apache Traffic Server allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Transfer-Encoding and Content-length headers in reverse proxy and proxy redirection mechanisms of the Apache Traffic Server is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability can allow an attacker to gain access to confidential data,...

CVSS 10 | AI score 7.7 | EPSS 0.02667
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2020/03/06 9:15 p.m. | 4 views

CVE-2020-10111

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 3

Prion
added 2020/03/06 9:15 p.m. | 18 views

Design/Logic Flaw

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization...

CVSS 5 | AI score 7.6 | EPSS 0.0195
Exploits: 3 | References: 3 | Affected Software: 1

CVE
added 2020/03/06 8:33 p.m. | 160 views

CVE-2020-10111

CVE-2020-10111 affects Citrix Gateway 11.1, 12.0, and 12.1 with Inconsistent Interpretation of HTTP Requests (CWE-444). The issue relates to caching of HTTP/1.1 traffic by Citrix ADC for performance, with Citrix disputing it as a security issue. Several advisories/feeds describe a cache bypass vu...

CVSS 7.5 | AI score 7.5 | EPSS 0.0195
Exploits: 3 | References: 3 | Affected Software: 1