CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
HTTP request smuggling is an attack technique that interferes with how requests are processed between the front-end and back-end servers.
The attacker exploits the vulnerability by crafting a request whose body contains a second request.
What is a request smuggling vulnerability?
Request smuggling vulnerabilities are often critical in nature, allowing an attacker to bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.
Request smuggling is primarily associated with HTTP/1 requests.
What happens in an HTTP request smuggling attack?
Advanced HTTP Request Smuggling Attacks
This type of attack involves passing a malicious query directly to a back-end server in such a way that it is not detected by middleware security filters.
The query is then executed on the back-end server.
1021 - Improper Restriction of Rendered UI Layers or Frames 116
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). 470 - Use of Externally-Controlled Input to Select Classes or Code
1007 - Insufficient Visual Distinction of Homoglyphs Presented to
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). 447 - Unimplemented or Unsupported Feature in UI.
1004 - Sensitive Cookie Without HttpOnly Flag 1021 - Improper
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). 451 - User Interface (UI) Misrepresentation of Critical Information.
1004 - Sensitive Cookie Without HttpOnly Flag 1007 - Insufficient
1048 - Invokable Control Element with Large Number of Outward Calls 444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response
102 - Struts: Duplicate Validation Forms 103 - Struts: Incomplete
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). 446 - UI Discrepancy for Security Feature.
1004 - Sensitive Cookie Without HttpOnly Flag 1007 - Insufficient
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). 650 - Trusting HTTP Permission Methods on the Server Side.
OWASP Top 10 Compliance - with RidgeBot® 3.8
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') • CWE-451: User Interface (UI) Misrepresentation of Critical Information
OWASP Top 10 Compliance - with RidgeBot 3.6
CWE 444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') • CWE 521: Weak Password Requirements • CWE 522: Insufficiently Protected
HTTP - Request-Smuggling-05 - A10 Support - A10 Networks
19 Mar 2020 · proxying function, can be exposed to HTTP request smuggling CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request
CWE Version 26 - Common Weakness Enumeration - The MITRE
19 Feb 2014 · CWE-98: Improper Control of Filename for Include/Require CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request
CWE Version 30 - Common Weakness Enumeration - The MITRE
16 Nov 2017 · CWE-98: Improper Control of Filename for Include/Require CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request
CWE Version 28 - Common Weakness Enumeration - The MITRE
31 Jul 2014 · CWE-98: Improper Control of Filename for Include/Require CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request
CWE Version 31 - Common Weakness Enumeration - The MITRE
29 Mar 2018 · CWE-98: Improper Control of Filename for Include/Require CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request
CERT C Secure Coding Standard
113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response 444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request
CWE Version 15 - Common Weakness Enumeration - The MITRE
27 Jul 2009 · CWE-98: Improper Control of Filename for Include/Require CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request
1021 - Improper Restriction of Rendered UI Layers or Frames 116
436 - Interpretation Conflict 444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 470 - Use of Externally-Controlled Input to Select
CWE Version 40 - Common Weakness Enumeration - The MITRE
24 Feb 2020 · CWE-98: Improper Control of Filename for Include/Require CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request
Improper Restriction of Rendered UI
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 447 - Unimplemented or Unsupported Feature in UI 448 - Obsolete Feature in