Falhas do tipo CWE-444

234 resultados
CVE-2017-7656In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabledEPSS 6.4%CVE-2023-25725CRITICALHAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuEPSS 5.5%CVE-2023-46846CRITICALSquid: request/response smuggling in http/1.1 and icapEPSS 5.3%CVE-2020-8201Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The paylEPSS 5.1%CVE-2021-21409MEDIUMPossible request smuggling in HTTP/2 due missing validation of content-lengthEPSS 4.9%CVE-2021-21299MEDIUMMultiple Transfer-Encoding headers misinterprets request payloadEPSS 4.7%CVE-2020-11076HIGHHTTP Smuggling via Transfer-Encoding Header in PumaEPSS 4.1%CVE-2021-27577Incorrect handling of url fragment leads to cache poisoningEPSS 3.5%CVE-2024-1135HIGHHTTP Request Smuggling in benoitc/gunicornEPSS 3.0%CVE-2023-25950HIGHHTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate usEPSS 2.9%CVE-2021-22959The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS)EPSS 2.9%CVE-2024-24795MEDIUMApache HTTP Server: HTTP Response Splitting in multiple modulesEPSS 2.9%CVE-2020-11077MEDIUMHTTP Smuggling via Transfer-Encoding Header in PumaEPSS 2.8%CVE-2022-24801HIGHHTTP Request Smuggling in twisted.webEPSS 2.8%CVE-2019-16785HIGHHTTP Request Smuggling: LF vs CRLF handling in WaitressEPSS 2.7%CVE-2017-2666MEDIUMIt was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjEPSS 2.7%CVE-2025-56266CRITICALA Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.EPSS 2.7%CVE-2021-43797MEDIUMHTTP fails to validate against control chars in header names which may lead to HTTP request smugglingEPSS 2.7%CVE-2023-46589HIGHApache Tomcat: HTTP request smuggling via malformed trailer headersEPSS 2.7%CVE-2021-38162HIGHSAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7EPSS 2.6%