Weaknesses of type CWE-444
235 resultsCVE-2019-16789HIGHHTTP Request Smuggling in Waitress: Invalid whitespace characters in headersEPSS 2.6%CVE-2022-35256MEDIUMThe llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may resEPSS 2.6%CVE-2019-16786HIGHHTTP Request Smuggling: Invalid Transfer-Encoding in WaitressEPSS 2.5%CVE-2021-37147—Request Smuggling - LF line endingEPSS 2.4%CVE-2022-22532—In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7EPSS 2.3%CVE-2021-22960—The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP ReqEPSS 2.3%CVE-2022-24790CRITICALHTTP Request Smuggling in pumaEPSS 2.1%CVE-2021-32565—HTTP Request Smuggling, content length with invalid chartersEPSS 2.1%CVE-2023-27522HIGHApache HTTP Server: mod_proxy_uwsgi HTTP response splittingEPSS 2.1%CVE-2019-16792HIGHHTTP Request Smuggling: Content-Length Sent Twice in WaitressEPSS 2.1%CVE-2022-31081HIGHInconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::DaemonEPSS 2.1%CVE-2022-36760CRITICALApache HTTP Server: mod_proxy_ajp Possible request smugglingEPSS 1.9%CVE-2017-12165LOWIt was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possEPSS 1.9%CVE-2022-24761HIGHHTTP Request Smuggling in waitressEPSS 1.8%CVE-2023-33193CRITICALEmby Server Proxy Header Spoofing VulnerabilityEPSS 1.7%CVE-2017-7559—In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 wEPSS 1.7%CVE-2024-23452HIGHApache bRPC: HTTP request smuggling vulnerabilityEPSS 1.6%CVE-2022-25763MEDIUMImproper input validation on HTTP/2 headers EPSS 1.6%CVE-2022-24766CRITICALInsufficient Protection against HTTP Request Smuggling in mitmproxyEPSS 1.6%CVE-2022-42252HIGHApache Tomcat request smuggling via malformed content-lengthEPSS 1.4%