Lucene search

Veracode Vulnerability DatabaseVERACODE:46838

HistoryMay 10, 2024 - 8:23 a.m.

HTTP Request Smuggling

2024-05-1008:23:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

http request smuggling

desynchronized responses

unauthorized access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Next is vulnerable to HTTP Request Smuggling. The vulnerability is due to inconsistent interpretation of a HTTP request, resulting in treating it as both a single request and two separate requests, leading to desynchronized responses. This allows attackers to craft HTTP request to manipulate or poison the response data seen by other users, potentially leading to unauthorized access or disclosure of sensitive information. This vulnerability is only exploitable if a route utilizes the rewrites feature.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:46838