CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Abstraction: Base | Status: Incomplete
Category: other
Description
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Common consequences (1)
- Integrity / Non-Repudiation / Access Control: Unexpected State, Hide Activities, Bypass Protection Mechanism. An attacker could create HTTP messages to exploit a number of weaknesses, including 1) the message can trick the web server into associating a URL with another URL's webpage and caching the contents of that webpage (web cache poisoning attack), 2) the message can be structured to bypass the firewall protection mechanisms and gain unauthorized access to a web application, and 3) the message can invoke a script or a page that returns client credentials (similar to a Cross Site Scripting attack).
Potential mitigations (4)
- [Implementation] Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433].
- [Implementation] Use only SSL communication.
- [Implementation] Terminate the client session after each request.
- [System Configuration] Turn all pages to non-cacheable.
Related CAPEC attack patterns (2)
References
Exploits (incoming) (2)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | HTTP Request Smuggling (capec-33) | 100% | live |
| AttackPattern | HTTP Response Smuggling (capec-273) | 100% | live |
(incoming) (26)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-12642 | 0% | live |
| Vulnerability | CVE-2025-14523 | 0% | live |
| Vulnerability | CVE-2025-31958 | 0% | live |
| Vulnerability | CVE-2025-41235 | 0% | live |
| Vulnerability | CVE-2025-43859 | 0% | live |
| Vulnerability | CVE-2025-53628 | 0% | live |
| Vulnerability | CVE-2025-55315 | 0% | live |
| Vulnerability | CVE-2025-56266 | 0% | live |
| Vulnerability | CVE-2025-58068 | 0% | live |
| Vulnerability | Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability (cve-2025-61884) | 0% | live |
| Vulnerability | CVE-2026-1525 | 0% | live |
| Vulnerability | CVE-2026-2332 | 0% | live |
| Vulnerability | CVE-2026-23527 | 0% | live |
| Vulnerability | CVE-2026-23941 | 0% | live |
| Vulnerability | CVE-2026-2833 | 0% | live |
| Vulnerability | CVE-2026-2835 | 0% | live |
| Vulnerability | CVE-2026-28367 | 0% | live |
| Vulnerability | CVE-2026-28368 | 0% | live |
| Vulnerability | CVE-2026-28369 | 0% | live |
| Vulnerability | CVE-2026-28497 | 0% | live |
| Vulnerability | CVE-2026-41873 | 0% | live |
| Vulnerability | CVE-2026-42581 | 0% | live |
| Vulnerability | CVE-2026-42584 | 0% | live |
| KEVEntry | SAP Multiple Products HTTP Request Smuggling Vulnerability (kev-cve-2022-22536) | 0% | live |
| KEVEntry | Qlik Sense HTTP Tunneling Vulnerability (kev-cve-2023-41265) | 0% | live |
| KEVEntry | Qlik Sense HTTP Tunneling Vulnerability (kev-cve-2023-48365) | 0% | live |
Related by meaning (6)
Nearest entities by semantic similarity across the cs-graph corpus.