CWE-444: HTTP request smuggling
What is CWE 444?
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
What is the difference between HTTP request splitting and smuggling?
HTTP Smuggling (CAPEC-33 and CAPEC-273) differs from HTTP Splitting in that it relies on discrepancies in how various HTTP headers and message sizes are interpreted, not solely on user input of special characters and character encoding.
What is HTTP request smuggling?
HTTP request smuggling (HRS) is a security exploit on the HTTP protocol that takes advantage of inconsistent interpretation of the Content-Length and Transfer-Encoding headers between HTTP server implementations in an HTTP proxy server chain.
It was first documented in 2005 by Linhart et al. This inconsistency can cause either the front-end or the back-end server to incorrectly interpret the request, passing through a malicious HTTP query.
Request smuggling vulnerabilities let cybercriminals side-step security measures, attain access to sensitive information, and directly compromise various application users.
1004 - Sensitive Cookie Without HttpOnly Flag 1021 - Improper
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). 451 - User Interface (UI) Misrepresentation of Critical Information.
1021 - Improper Restriction of Rendered UI Layers or Frames 116
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). 470 - Use of Externally-Controlled Input to Select Classes or Code
1007 - Insufficient Visual Distinction of Homoglyphs Presented to
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). 447 - Unimplemented or Unsupported Feature in UI.
CWE Version 4.8
28 Jun 2022 · CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP ... headers allowing HTTP response smuggling (CWE-444) using an "LF line.
1004 - Sensitive Cookie Without HttpOnly Flag 1007 - Insufficient
113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP 444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response
SSA-389290: Third-Party Component Vulnerabilities in SINEC INS
8 Mar 2022 · CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'). Vulnerability CVE-2020-8625.
OWASP Top 10 Compliance - with RidgeBot® 3.8
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'). CWE-451: User Interface (UI) Misrepresentation of Critical Information.
HTTP - Request-Smuggling-05 - A10 Support - A10 Networks
19 Mar 2020 · A deployed ADC configuration, which includes the back-end server, can be exposed to HTTP request smuggling CWE-444 provides 2
CWE Version 2.6 - Common Weakness Enumeration - The MITRE
19 Feb 2014 · CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') 201 CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 718
CWE Version 3.0 - Common Weakness Enumeration - The MITRE
16 Nov 2017 · CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP
CWE Version 3.1 - Common Weakness Enumeration - The MITRE
29 Mar 2018 · CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') 246 CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 898
CWE Version 2.8 - Common Weakness Enumeration - The MITRE
31 Jul 2014 · CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') 211 CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 756
1021 - Improper Restriction of Rendered UI Layers or Frames 116
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe
CWE Version 4.0 - Common Weakness Enumeration - The MITRE
24 Feb 2020 · CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP
CWE Version 1.5 - Common Weakness Enumeration - The MITRE
27 Jul 2009 · CWE-113: Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') 132 CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 477
CERT C Secure Coding Standard
444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 650 - Trusting HTTP Permission Methods on the Server Side 440 - Expected
TARA - The MITRE Corporation
15 May 2018 · HTTP Request Smuggling results from the discrepancies in parsing HTTP http://cwe.mitre.org/data/definitions/732.html; https://ics-cert.us-