CWE-444 (Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)) — Vulnerability Class 165

165 vulnerabilities classified as CWE-444 (Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)). AI Chinese analysis included.

CWE-444 represents a critical architectural weakness where an intermediary HTTP agent, such as a proxy or firewall, fails to interpret malformed requests consistently with the ultimate destination server. This discrepancy allows attackers to exploit the ambiguity by crafting specially designed HTTP messages that are parsed differently by the front-end and back-end systems. Consequently, an attacker can smuggle malicious requests past security controls, potentially bypassing access restrictions, injecting unauthorized commands, or performing cache poisoning attacks. To mitigate this vulnerability, developers must ensure strict alignment in HTTP parsing logic across all network components. This involves configuring proxies and servers to use identical parsing standards, validating request boundaries rigorously, and employing modern frameworks that explicitly handle ambiguous headers. Regular security testing and automated fuzzing further help identify inconsistencies before deployment, ensuring that all entities in the data flow interpret messages uniformly.

MITRE CWE Description
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. HTTP requests or responses ("messages") can be malformed or unexpected in ways that cause web servers or clients to interpret the messages in different ways than intermediary HTTP agents such as load balancers, reverse proxies, web caching proxies, application firewalls, etc. For example, an adversary may be able to add duplicate or different header fields that a client or server might interpret as one set of messages, whereas the intermediary might interpret the same sequence of bytes as a different set of messages. For example, discrepancies can arise in how to handle duplicate headers like two Transfer-encoding (TE) or two Content-length (CL), or the malicious HTTP message will have different headers for TE and CL. The inconsistent parsing and interpretation of messages can allow the adversary to "smuggle" a message to the client/server without the intermediary being aware of it. This weakness is usually the result of the usage of outdated or incompatible HTTP protocol versions in the HTTP agents.
Common Consequences (1)
Scope: Integrity, Non-Repudiation, Access Control. Impact: Unexpected State, Hide Activities, Bypass Protection Mechanism.
An attacker could create HTTP messages to exploit a number of weaknesses including 1) the message can trick the web server to associate a URL with another URL's webpage and caching the contents of the webpage (web cache poisoning attack), 2) the message can be structured to bypass the firewall prote…
Mitigations (4)
Implementation: Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433].
Implementation: Use only SSL communication.
Implementation: Terminate the client session after each request.
System Configuration: Turn all pages to non-cacheable.
Examples (2)
In the following example, a malformed HTTP request is sent to a website that includes a proxy server and a web server with the intent of poisoning the cache to associate one webpage with another malicious webpage.
Attack:

    POST http://www.website.com/foobar.html HTTP/1.1
    Host: www.website.com
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 0
    Content-Length: 54

    GET /poison.html HTTP/1.1
    Host: www.website.com
    Bla: GET http://www.website.com/page_to_poison.html HTTP/1.1
    Host: www.website.com
    Connection: Keep-Alive

Result:

    GET /poison.html HTTP/1.1
    Host: www.website.com
    Bla:

In the following example, a malformed HTTP request is sent to a website that includes a web server with a firewall with the intent of bypassing the web server firewall to smuggle malicious code into the system.
Attack:

    POST /page.asp HTTP/1.1
    Host: www.website.com
    Connection: Keep-Alive
    Content-Length: 49223

    zzz...zzz ["z" x 49152]
    POST /page.asp HTTP/1.0
    Connection: Keep-Alive
    Content-Length: 30

    POST /page.asp HTTP/1.0
    Bla: POST /page.asp?cmd.exe HTTP/1.0
    Connection: Keep-Alive

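A strict intermediary refuses to forward a request whose framing is ambiguous instead of picking one interpretation. The following is an added example, not MITRE's or this site's code: it checks a request head for the duplicate Content-Length and combined Transfer-Encoding/Content-Length cases described above. The function name and the constructed samples are illustrative assumptions, and rejecting every Transfer-Encoding other than a single "chunked" is a policy choice stricter than the RFC requires.

```python
# Added example: framing checks a strict intermediary can run on an
# HTTP/1.1 request head before forwarding it. Names are illustrative.
CRLF = b"\r\n"

def framing_issues(head: bytes) -> list[str]:
    """Return the reasons this request head has ambiguous framing."""
    issues, lengths, encodings = [], [], []
    for raw in head.split(CRLF)[1:]:          # skip the request line
        if raw == b"":
            break                             # blank line ends the headers
        name, sep, value = raw.partition(b":")
        # Folded lines, missing colons and "Name :" are parsed differently
        # by different agents, so treat them as errors rather than guessing.
        if not sep or not name or name != name.strip():
            issues.append("malformed header line")
            continue
        key, value = name.lower(), value.strip(b" \t")
        if key == b"content-length":
            lengths.append(value)
        elif key == b"transfer-encoding":
            encodings.append(value.lower())
    if any(not v.isdigit() for v in lengths):
        issues.append("non-numeric Content-Length")
    if len(set(lengths)) > 1:
        issues.append("conflicting Content-Length values")
    if encodings and lengths:
        issues.append("both Transfer-Encoding and Content-Length present")
    if encodings and encodings != [b"chunked"]:   # assumed strict policy
        issues.append("Transfer-Encoding is not exactly one 'chunked'")
    return issues

# Head of the first example request above (duplicate Content-Length).
DUPLICATE_CL = CRLF.join([
    b"POST http://www.website.com/foobar.html HTTP/1.1",
    b"Host: www.website.com",
    b"Connection: Keep-Alive",
    b"Content-Type: application/x-www-form-urlencoded",
    b"Content-Length: 0",
    b"Content-Length: 54",
    b"", b"",
])
# Constructed samples: TE and CL together, and a well-formed request.
TE_AND_CL = CRLF.join([b"POST /page.asp HTTP/1.1", b"Host: www.website.com",
                       b"Content-Length: 4", b"Transfer-Encoding: chunked", b"", b""])
CLEAN = CRLF.join([b"POST /page.asp HTTP/1.1", b"Host: www.website.com",
                   b"Content-Length: 4", b"", b""])

if __name__ == "__main__":
    for label, head in [("duplicate CL", DUPLICATE_CL),
                        ("TE + CL", TE_AND_CL), ("clean", CLEAN)]:
        print(label, "->", framing_issues(head) or "forward")
```

An empty result means the head can be forwarded; any non-empty result should produce a 400 response and a closed connection rather than a repaired request.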
| CVE ID | Title | CVSS | Severity | Published |
| CVE-2026-1760 | Libsoup: soupserver: denial of service via http request smuggling — Red Hat Enterprise Linux 10 | 5.3 | Medium | 2026-02-02 |
| CVE-2025-41082 | HTTP Request/Response Smuggling in Altitude Communication Server — Altitude Communication Server | 9.1 AI | Critical AI | 2026-01-26 |
| CVE-2026-1002 | Eclipse Vert.x Web static handler file access denial — Eclipse Vert.x | 5.3 AI | Medium AI | 2026-01-15 |
| CVE-2026-23527 | h3 v1 has Request Smuggling (TE.TE) issue — h3 | 8.9 | High | 2026-01-15 |
| CVE-2025-69225 | AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields — aiohttp | 7.5 | - | 2026-01-05 |
| CVE-2025-69224 | AIOHTTP's Unicode processing of header values could cause parsing discrepancies — aiohttp | 7.5 | - | 2026-01-05 |
| CVE-2025-12874 | HTTP Request Smuggling in Quest Coexistence Manager for Notes — Coexistence Manager for Notes | 8.2 AI | High AI | 2025-12-19 |
| CVE-2023-53878 | Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability — Member Login Script | 7.5 AI | High AI | 2025-12-15 |
| CVE-2025-14523 | Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins) — Red Hat Enterprise Linux 10 | 8.2 | High | 2025-12-11 |
| CVE-2025-12642 | HTTP Header Smuggling via Trailer Merge — lighttpd | 6.5 AI | Medium AI | 2025-11-03 |
| CVE-2025-11915 | HTTP Desynchronisation in Vertex AI for certain third-party models — Vertex AI: Partner Models for MaaS | 9.8 AI | Critical AI | 2025-10-22 |
| CVE-2025-55315 | ASP.NET Security Feature Bypass Vulnerability — ASP.NET Core 2.3 | 9.9 | Critical | 2025-10-14 |
| CVE-2025-59822 | Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section — http4s | 6.5 AI | Medium AI | 2025-09-23 |
| CVE-2025-6999 | WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability — Fireware OS | 6.1 AI | Medium AI | 2025-09-15 |
| CVE-2025-58056 | Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions — netty | 7.4 AI | High AI | 2025-09-03 |
| CVE-2025-58068 | Eventlet affected by HTTP request smuggling in unparsed trailers — eventlet | 8.2 | - | 2025-08-29 |
| CVE-2025-54142 | Akamai Ghost environment issue vulnerability — AkamaiGhost | 4.0 | Medium | 2025-08-29 |
| CVE-2025-32094 | Akamai Ghost environment issue vulnerability — AkamaiGhost | 4.0 | Medium | 2025-08-07 |
| CVE-2025-52892 | EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache — espocrm | 4.5 | Medium | 2025-08-05 |
| CVE-2025-53643 | AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections — aiohttp | 9.8 | - | 2025-07-14 |
| CVE-2025-49826 | Next.js DoS vulnerability via cache poisoning — next.js | 7.5 | High | 2025-07-03 |
| CVE-2025-49005 | Next.js cache poisoning due to omission of Vary header — next.js | 3.7 | Low | 2025-07-03 |
| CVE-2025-6442 | Ruby WEBrick read_header HTTP Request Smuggling Vulnerability — WEBrick | 5.9 AI | Medium AI | 2025-06-25 |
| CVE-2025-4366 | Request Smuggling Vulnerability in Pingora | 7.5 AI | High AI | 2025-05-22 |
| CVE-2025-4600 | HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation — Classic Application Load Balancer | 7.5 AI | High AI | 2025-05-16 |
| CVE-2025-47905 | Varnish Cache security vulnerability — Varnish Cache | 5.4 | Medium | 2025-05-13 |
| CVE-2025-43859 | h11 accepts some malformed Chunked-Encoding bodies — h11 | 9.1 | Critical | 2025-04-24 |
| CVE-2024-53868 | Apache Traffic Server: Malformed chunked message body allows request smuggling — Apache Traffic Server | 7.5 AI | High AI | 2025-04-03 |
| CVE-2025-31137 | Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers — react-router | 5.3 | - | 2025-04-01 |
| CVE-2022-39163 | IBM Cognos Controller HTTP response smuggling — Cognos Controller | 4.7 | Medium | 2025-03-26 |

Vulnerabilities classified as CWE-444 (Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)) represent 165 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.