CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Description

When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.

Latest vulnerabilities for CWE-444

Multiple vulnerabilities in HPE Telco IP Mediation E-Media 2024-04-23
Medium Yes

SolarWinds Web Help Desk update for third-party components 2024-04-17
Medium Yes

SolarWinds Database Performance Analyzer update for third-party componets 2024-04-17
Medium Yes

Inconsistent interpretation of HTTP requests in Oracle Agile PLM Framework 2024-04-17
Medium Yes

Multiple vulnerabilities in Oracle Banking Origination 2024-04-17
High Yes

Inconsistent interpretation of HTTP requests in Oracle Managed File Transfer 2024-04-17
Medium Yes

Multiple vulnerabilities in Oracle Communications Cloud Native Core Binding Support Function 2024-04-16
High Yes

Multiple vulnerabilities in Oracle Communications Cloud Native Core Policy 2024-04-16
High Yes

Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Data Analytics Function 2024-04-16
High Yes

Multiple vulnerabilities in Management Cloud Engine 2024-04-16
Medium Yes

References

Description of CWE-444 on Mitre website