Lucene search

14 matches found

Microsoft CVE
added 2025/10/14 2:00 p.m., 4 views

ASP.NET Security Feature Bypass Vulnerability

Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...

CVSS 9.9, AI score 6.9, EPSS 0.01681
Exploits: 5
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-35250

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.8, EPSS 0.00106
Exploits: 0, References: 1
Cvelist
added 2025/03/03 8:48 a.m., 9 views

CVE-2025-1867 HTTP Response Smuggling Vulnerability in libhv

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in ithewei libhv allows HTTP Response Smuggling. This issue affects libhv: through 1.3.3...

CVSS 10, EPSS 0.00273
Exploits: 0, References: 1
CVE
added 2024/11/28 2:10 a.m., 579 views

CVE-2024-53008

CVE-2024-53008 is confirmed in multiple advisories affecting HAProxy across Linux distributions (Amazon Linux 2023, EulerOS 2.0 SP12, Photon OS 4, TencentOS Server 4, Astra Linux). The issue is described as an insecure interpretation of HTTP requests (HTTP Request/Response Smuggling) that may all...

CVSS 5.3, AI score 6.8, EPSS 0.00157
Exploits: 0, References: 6
NVD
added 2024/09/08 12:15 p.m., 15 views

CVE-2024-42342

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...

CVSS 4.3, EPSS 0.00123
Exploits: 0, References: 1
Vulnrichment
added 2024/09/08 11:58 a.m., 15 views

CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...

CVSS 4.3, AI score 7.2, EPSS 0.00123
Exploits: 0, References: 1
Prion
added 2023/11/14 9:15 p.m., 43 views

Open redirect

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol; if both Content-Length (CL) and Transfer-Encoding (TE) header...

CVSS 6.4, AI score 7, EPSS 0.00358
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2023/08/22 5:50 p.m., 120 views

CVE-2023-40175

An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests...

CVSS 7.3, AI score 8.9, EPSS 0.00377
Exploits: 0, References: 4
Vulnrichment
added 2023/08/18 9:35 p.m., 23 views

CVE-2023-40175 Inconsistent Interpretation of HTTP Requests in puma

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

CVSS 7.3, AI score 9.3, EPSS 0.00377
Exploits: 0, References: 2
Tenable Nessus
added 2022/11/22 12:00 a.m., 52 views

Oracle Linux 9 : httpd (ELSA-2022-8067)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8067 advisory. - Resolves: 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: 2097032 - CVE-2022-28615 httpd: out-of-bounds read in...

CVSS 9.8, AI score 7.9, EPSS 0.60552
Exploits: 2, References: 11
Tenable Nessus
added 2020/10/05 12:00 a.m., 27 views

Debian DLA-2391-1 : ruby2.3 security update

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick bundled along with ruby2.3 was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to...

CVSS 7.5, AI score 7, EPSS 0.00275
Exploits: 0, References: 4
OSV
added 2020/03/06 9:15 p.m., 3 views

CVE-2020-10111

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 3
Prion
added 2020/03/06 9:15 p.m., 16 views

Design/Logic Flaw

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization...

CVSS 5, AI score 7.6, EPSS 0.00501
Exploits: 3, References: 3, Affected Software: 1
CVE
added 2020/03/06 8:33 p.m., 151 views

CVE-2020-10111

CVE-2020-10111 affects Citrix Gateway 11.1, 12.0, and 12.1 with Inconsistent Interpretation of HTTP Requests (CWE-444). The issue relates to caching of HTTP/1.1 traffic by Citrix ADC for performance, with Citrix disputing it as a security issue. Several advisories/feeds describe a cache bypass vu...

CVSS 7.5, AI score 7.5, EPSS 0.00501
Exploits: 3, References: 3, Affected Software: 1