SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SA…

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' …

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions…

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP …

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not stri…

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly par…

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not corr…

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Cor…

Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the reque…

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not…

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module…

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfe…

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited t…

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, …

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to …

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 a…

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not corr…

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web applicati…

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encount…

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code…

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and…

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, al…

Netty is an open-source, asynchronous event-driven network application framework for rapid deve…

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_pr…

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in…

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default …

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as …

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied …

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP r…

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encodin…

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsin…

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP…

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.9…

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which m…

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a…

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Tr…

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input vali…

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perf…

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default …

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requ…