CWE-444
AllowedInconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Abstraction: Base · Status: Incomplete
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
551 vulnerabilities reference this CWE, most recent first.
GHSA-7MCP-GWC2-4C6M
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-25 00:00Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
{
"affected": [],
"aliases": [
"CVE-2020-8201"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-18T21:15:00Z",
"severity": "CRITICAL"
},
"details": "Node.js \u003c 12.18.4 and \u003c 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.",
"id": "GHSA-7mcp-gwc2-4c6m",
"modified": "2022-05-25T00:00:28Z",
"published": "2022-05-24T17:29:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/922597"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-07"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201009-0004"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7R84-R685-GRMG
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-06-03 00:01A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification).
{
"affected": [],
"aliases": [
"CVE-2019-18277"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-23T14:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the \"chunked\" value were not being correctly rejected. The impact was limited but if combined with the \"http-reuse always\" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification).",
"id": "GHSA-7r84-r685-grmg",
"modified": "2022-06-03T00:01:41Z",
"published": "2022-05-24T16:59:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18277"
},
{
"type": "WEB",
"url": "https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html"
},
{
"type": "WEB",
"url": "https://nathandavison.com/blog/haproxy-http-request-smuggling"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4174-1"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg34926.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00016.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00019.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7V2R-WXMG-MGVC
Vulnerability from github – Published: 2021-08-25 20:48 – Updated: 2023-06-13 21:49HTTP pipelining issues and request smuggling attacks are possible due to incorrect Transfer encoding header parsing. It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "tiny_http"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35884"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T20:56:20Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "MODERATE"
},
"details": "HTTP pipelining issues and request smuggling attacks are possible due to incorrect Transfer encoding header parsing. It is possible conduct HTTP request smuggling attacks (CL:TE/TE:TE) by sending invalid Transfer Encoding headers. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.",
"id": "GHSA-7v2r-wxmg-mgvc",
"modified": "2023-06-13T21:49:09Z",
"published": "2021-08-25T20:48:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35884"
},
{
"type": "WEB",
"url": "https://github.com/tiny-http/tiny-http/issues/173"
},
{
"type": "WEB",
"url": "https://github.com/tiny-http/tiny-http/pull/190"
},
{
"type": "WEB",
"url": "https://github.com/tiny-http/tiny-http/commit/623b87397a569729c4bcabae747823c5668cce94"
},
{
"type": "PACKAGE",
"url": "https://github.com/tiny-http/tiny-http"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3JDNRE5RXJOWZZZF5QSCG4GUCSLTHF2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VO6SRTCEPEYO2OX647I3H5XUWLFDRDWL"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0031.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "HTTP Request smuggling in tiny_http"
}
GHSA-7VRG-6F2Q-QGCG
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-10-07 00:01There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions.
{
"affected": [],
"aliases": [
"CVE-2019-17559"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-23T22:15:00Z",
"severity": "HIGH"
},
"details": "There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions.",
"id": "GHSA-7vrg-6f2q-qgcg",
"modified": "2022-10-07T00:01:03Z",
"published": "2022-05-24T17:12:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17559"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4672"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7WFC-X4F7-GG2X
Vulnerability from github – Published: 2022-03-18 17:58 – Updated: 2022-03-18 17:58Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.dubbo:dubbo"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-30180"
],
"database_specific": {
"cwe_ids": [
"CWE-444",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-02T20:19:48Z",
"nvd_published_at": "2021-06-01T14:15:00Z",
"severity": "CRITICAL"
},
"details": "Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.",
"id": "GHSA-7wfc-x4f7-gg2x",
"modified": "2022-03-18T17:58:01Z",
"published": "2022-03-18T17:58:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30180"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/raed526465e56204030ddf374b1959478a290e7511971d7aba2e9e39b%40%3Cdev.dubbo.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Code injection in Apache Dubbo"
}
GHSA-7WQM-436Q-GXCM
Vulnerability from github – Published: 2024-04-17 00:30 – Updated: 2024-04-17 00:30Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production Scheduling. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Production Scheduling accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
{
"affected": [],
"aliases": [
"CVE-2024-21088"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-16T22:15:28Z",
"severity": "HIGH"
},
"details": "Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production Scheduling. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Production Scheduling accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"id": "GHSA-7wqm-436q-gxcm",
"modified": "2024-04-17T00:30:56Z",
"published": "2024-04-17T00:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21088"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-82P3-37JM-2R8W
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2024-03-21 03:34An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis.
{
"affected": [],
"aliases": [
"CVE-2021-41732"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-29T19:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis.",
"id": "GHSA-82p3-37jm-2r8w",
"modified": "2024-03-21T03:34:07Z",
"published": "2022-05-24T19:16:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41732"
},
{
"type": "WEB",
"url": "https://github.com/zeek/zeek/issues/1798"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-847X-X4JG-6GF4
Vulnerability from github – Published: 2025-04-21 15:31 – Updated: 2025-04-23 14:55An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "croogo/croogo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-29643"
],
"database_specific": {
"cwe_ids": [
"CWE-444",
"CWE-74"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-21T16:55:45Z",
"nvd_published_at": "2025-04-18T15:15:53Z",
"severity": "MODERATE"
},
"details": "An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.",
"id": "GHSA-847x-x4jg-6gf4",
"modified": "2025-04-23T14:55:43Z",
"published": "2025-04-21T15:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29643"
},
{
"type": "WEB",
"url": "https://github.com/croogo/croogo/issues/1005"
},
{
"type": "PACKAGE",
"url": "https://github.com/croogo/croogo"
},
{
"type": "WEB",
"url": "https://medium.com/@christbowel6/cve-2024-29643-host-header-injection-in-croogo-v3-0-2-0aded525f574"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "croogo Host header injection"
}
GHSA-8495-4G3G-X7PR
Vulnerability from github – Published: 2024-11-18 21:02 – Updated: 2025-11-03 22:50Summary
The Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions.
Impact
If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.
Patch: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.10.10"
},
"package": {
"ecosystem": "PyPI",
"name": "aiohttp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.10.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-52304"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-18T21:02:32Z",
"nvd_published_at": "2024-11-18T21:15:06Z",
"severity": "MODERATE"
},
"details": "### Summary\nThe Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions.\n\n### Impact\nIf a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71",
"id": "GHSA-8495-4g3g-x7pr",
"modified": "2025-11-03T22:50:15Z",
"published": "2024-11-18T21:02:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52304"
},
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71"
},
{
"type": "PACKAGE",
"url": "https://github.com/aio-libs/aiohttp"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "aiohttp allows request smuggling due to incorrect parsing of chunk extensions"
}
GHSA-84Q7-P226-4X5W
Vulnerability from github – Published: 2018-10-19 16:16 – Updated: 2022-09-14 01:08Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), contain an HTTP Request Smuggling Vulnerability that can result in cache poisoning.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.3.23.v20180228"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.24.v20180605"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.4.10.v20180503"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "9.4.0"
},
{
"fixed": "9.4.11.v20180605"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-7656"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:24:19Z",
"nvd_published_at": "2018-06-26T15:29:00Z",
"severity": "HIGH"
},
"details": "Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), contain an HTTP Request Smuggling Vulnerability that can result in cache poisoning.",
"id": "GHSA-84q7-p226-4x5w",
"modified": "2022-09-14T01:08:10Z",
"published": "2018-10-19T16:16:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656"
},
{
"type": "WEB",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-84q7-p226-4x5w"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181014-0001"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4278"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041194"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)"
}
Mitigation
Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433].
Mitigation
Use only SSL communication.
Mitigation
Terminate the client session after each request.
Mitigation
Turn all pages to non-cacheable.
CAPEC-273: HTTP Response Smuggling
An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).
See CanPrecede relationships for possible consequences.
CAPEC-33: HTTP Request Smuggling
An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers, request-line and body parameters as well as message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).
See CanPrecede relationships for possible consequences.