Common Weakness Enumeration

CWE-444

Allowed

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Abstraction: Base · Status: Incomplete

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

551 vulnerabilities reference this CWE, most recent first.

CVE-2022-22536 (GCVE-0-2022-22536)

Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2025-10-21 23:15
VLAI
Summary
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Assigner
sap
Impacted products
Vendor Product Version
SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.22
Affected: 8.04
Affected: 7.49
Affected: 7.53
Affected: 7.77
Affected: 7.81
Affected: 7.85
Affected: 7.86
Affected: 7.87
Affected: KRNL64UC 8.04
Affected: 7.22
Affected: 7.22EXT
Affected: KRNL64NUC 7.22
Create a notification for this product.
SAP SE SAP Web Dispatcher Affected: 7.49
Affected: 7.53
Affected: 7.77
Affected: 7.81
Affected: 7.85
Affected: 7.22EXT
Affected: 7.86
Affected: 7.87
Create a notification for this product.
SAP SE SAP Content Server Affected: 7.53
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:14:55.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3123396"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-22536",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T20:20:36.420396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-08-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:47.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-08-18T00:00:00.000Z",
            "value": "CVE-2022-22536 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP NetWeaver and ABAP Platform",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "KERNEL 7.22"
            },
            {
              "status": "affected",
              "version": "8.04"
            },
            {
              "status": "affected",
              "version": "7.49"
            },
            {
              "status": "affected",
              "version": "7.53"
            },
            {
              "status": "affected",
              "version": "7.77"
            },
            {
              "status": "affected",
              "version": "7.81"
            },
            {
              "status": "affected",
              "version": "7.85"
            },
            {
              "status": "affected",
              "version": "7.86"
            },
            {
              "status": "affected",
              "version": "7.87"
            },
            {
              "status": "affected",
              "version": "KRNL64UC 8.04"
            },
            {
              "status": "affected",
              "version": "7.22"
            },
            {
              "status": "affected",
              "version": "7.22EXT"
            },
            {
              "status": "affected",
              "version": "KRNL64NUC 7.22"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAP Web Dispatcher",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "7.49"
            },
            {
              "status": "affected",
              "version": "7.53"
            },
            {
              "status": "affected",
              "version": "7.77"
            },
            {
              "status": "affected",
              "version": "7.81"
            },
            {
              "status": "affected",
              "version": "7.85"
            },
            {
              "status": "affected",
              "version": "7.22EXT"
            },
            {
              "status": "affected",
              "version": "7.86"
            },
            {
              "status": "affected",
              "version": "7.87"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAP Content Server",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "7.53"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\u003c/p\u003e"
            }
          ],
          "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-26T03:11:25.429Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3123396"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2022-22536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver and ABAP Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "KERNEL 7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.04"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.77"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.81"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.85"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.86"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.87"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "KRNL64UC 8.04"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "KRNL64NUC 7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP Web Dispatcher",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.77"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.81"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.85"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.86"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.87"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP Content Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/3123396",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3123396"
            },
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2022-22536",
    "datePublished": "2022-02-09T22:05:24.000Z",
    "dateReserved": "2022-01-04T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:47.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-22532 (GCVE-0-2022-22532)

Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2024-08-03 03:14
VLAI
Summary
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.
Severity
No CVSS data available.
CWE
Assigner
sap
References
Impacted products
Vendor Product Version
SAP SE SAP NetWeaver Application Server Java Affected: KRNL64NUC 7.22
Affected: 7.22EXT
Affected: 7.49
Affected: KRNL64UC
Affected: 7.22
Affected: 7.53
Affected: KERNEL 7.22
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:14:55.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3123427"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver Application Server Java",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "KRNL64NUC 7.22"
            },
            {
              "status": "affected",
              "version": "7.22EXT"
            },
            {
              "status": "affected",
              "version": "7.49"
            },
            {
              "status": "affected",
              "version": "KRNL64UC"
            },
            {
              "status": "affected",
              "version": "7.22"
            },
            {
              "status": "affected",
              "version": "7.53"
            },
            {
              "status": "affected",
              "version": "KERNEL 7.22"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim\u0027s logon session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T15:16:54.000Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3123427"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2022-22532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver Application Server Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "KRNL64NUC 7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "KRNL64UC"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "KERNEL 7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim\u0027s logon session."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/3123427",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3123427"
            },
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2022-22532",
    "datePublished": "2022-02-09T22:05:19.000Z",
    "dateReserved": "2022-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:14:55.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-21826 (GCVE-0-2022-21826)

Vulnerability from cvelistv5 – Published: 2022-09-30 16:24 – Updated: 2024-08-03 02:53
VLAI
Summary
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
Severity
No CVSS data available.
CWE
  • CWE-444 - HTTP Request Smuggling (CWE-444)
Assigner
References
Impacted products
Vendor Product Version
n/a Pulse Connect Secure VPN Server Affected: 9.1R14 and below
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:53:36.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure VPN Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "9.1R14 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request\u0027s Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "HTTP Request Smuggling (CWE-444)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-30T16:24:25.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2022-21826",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure VPN Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.1R14 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request\u0027s Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTTP Request Smuggling (CWE-444)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack/",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-21826",
    "datePublished": "2022-09-30T16:24:25.000Z",
    "dateReserved": "2021-12-10T00:00:00.000Z",
    "dateUpdated": "2024-08-03T02:53:36.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-20713 (GCVE-0-2022-20713)

Vulnerability from cvelistv5 – Published: 2022-08-10 16:20 – Updated: 2024-09-16 20:53
VLAI
Summary
A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of input that is passed to the VPN web client services component before being returned to the browser that is in use. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious requests to a device that is running Cisco ASA Software or Cisco FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting attacks. The attacker could not directly impact the affected device.
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Adaptive Security Appliance (ASA) Software Affected: 9.8.1
Affected: 9.8.1.5
Affected: 9.8.1.7
Affected: 9.8.2
Affected: 9.8.2.8
Affected: 9.8.2.14
Affected: 9.8.2.15
Affected: 9.8.2.17
Affected: 9.8.2.20
Affected: 9.8.2.24
Affected: 9.8.2.26
Affected: 9.8.2.28
Affected: 9.8.2.33
Affected: 9.8.2.35
Affected: 9.8.2.38
Affected: 9.8.3.8
Affected: 9.8.3.11
Affected: 9.8.3.14
Affected: 9.8.3.16
Affected: 9.8.3.18
Affected: 9.8.3.21
Affected: 9.8.3
Affected: 9.8.3.26
Affected: 9.8.3.29
Affected: 9.8.4
Affected: 9.8.4.3
Affected: 9.8.4.7
Affected: 9.8.4.8
Affected: 9.8.4.10
Affected: 9.8.4.12
Affected: 9.8.4.15
Affected: 9.8.4.17
Affected: 9.8.4.25
Affected: 9.8.4.20
Affected: 9.8.4.22
Affected: 9.8.4.26
Affected: 9.8.4.29
Affected: 9.8.4.32
Affected: 9.8.4.33
Affected: 9.8.4.34
Affected: 9.8.4.35
Affected: 9.8.4.39
Affected: 9.8.4.40
Affected: 9.8.4.41
Affected: 9.8.4.43
Affected: 9.8.4.44
Affected: 9.8.4.45
Affected: 9.8.4.46
Affected: 9.8.4.48
Affected: 9.12.1
Affected: 9.12.1.2
Affected: 9.12.1.3
Affected: 9.12.2
Affected: 9.12.2.4
Affected: 9.12.2.5
Affected: 9.12.2.9
Affected: 9.12.3
Affected: 9.12.3.2
Affected: 9.12.3.7
Affected: 9.12.4
Affected: 9.12.3.12
Affected: 9.12.3.9
Affected: 9.12.2.1
Affected: 9.12.4.2
Affected: 9.12.4.4
Affected: 9.12.4.7
Affected: 9.12.4.10
Affected: 9.12.4.13
Affected: 9.12.4.8
Affected: 9.12.4.18
Affected: 9.12.4.24
Affected: 9.12.4.26
Affected: 9.12.4.29
Affected: 9.12.4.30
Affected: 9.12.4.35
Affected: 9.12.4.37
Affected: 9.12.4.38
Affected: 9.12.4.39
Affected: 9.12.4.40
Affected: 9.12.4.41
Affected: 9.12.4.47
Affected: 9.12.4.48
Affected: 9.12.4.50
Affected: 9.12.4.52
Affected: 9.12.4.54
Affected: 9.12.4.55
Affected: 9.12.4.56
Affected: 9.12.4.58
Affected: 9.14.1
Affected: 9.14.1.10
Affected: 9.14.1.6
Affected: 9.14.1.15
Affected: 9.14.1.19
Affected: 9.14.1.30
Affected: 9.14.2
Affected: 9.14.2.4
Affected: 9.14.2.8
Affected: 9.14.2.13
Affected: 9.14.2.15
Affected: 9.14.3
Affected: 9.14.3.1
Affected: 9.14.3.9
Affected: 9.14.3.11
Affected: 9.14.3.13
Affected: 9.14.3.18
Affected: 9.14.3.15
Affected: 9.14.4
Affected: 9.14.4.6
Affected: 9.14.4.7
Affected: 9.14.4.12
Affected: 9.14.4.13
Affected: 9.14.4.14
Affected: 9.14.4.15
Affected: 9.14.4.17
Affected: 9.14.4.22
Affected: 9.14.4.23
Affected: 9.15.1
Affected: 9.15.1.7
Affected: 9.15.1.10
Affected: 9.15.1.15
Affected: 9.15.1.16
Affected: 9.15.1.17
Affected: 9.15.1.1
Affected: 9.15.1.21
Affected: 9.16.1
Affected: 9.16.1.28
Affected: 9.16.2
Affected: 9.16.2.3
Affected: 9.16.2.7
Affected: 9.16.2.11
Affected: 9.16.2.13
Affected: 9.16.2.14
Affected: 9.16.3
Affected: 9.16.3.3
Affected: 9.16.3.14
Affected: 9.16.3.15
Affected: 9.16.3.19
Affected: 9.16.3.23
Affected: 9.16.4
Affected: 9.16.4.9
Affected: 9.16.4.14
Affected: 9.16.4.18
Affected: 9.16.4.19
Affected: 9.16.4.27
Affected: 9.17.1
Affected: 9.17.1.7
Affected: 9.17.1.9
Affected: 9.17.1.10
Affected: 9.17.1.11
Affected: 9.17.1.13
Affected: 9.17.1.15
Affected: 9.17.1.20
Affected: 9.17.1.30
Affected: 9.18.1
Affected: 9.18.1.3
Affected: 9.18.2
Affected: 9.18.2.5
Affected: 9.18.2.7
Affected: 9.18.2.8
Affected: 9.18.3
Affected: 9.18.3.39
Affected: 9.18.3.46
Affected: 9.19.1
Affected: 9.19.1.5
Affected: 9.19.1.9
Affected: 9.19.1.12
Create a notification for this product.
Cisco Cisco Firepower Threat Defense Software Affected: 6.2.3
Affected: 6.2.3.1
Affected: 6.2.3.2
Affected: 6.2.3.3
Affected: 6.2.3.4
Affected: 6.2.3.5
Affected: 6.2.3.6
Affected: 6.2.3.7
Affected: 6.2.3.8
Affected: 6.2.3.10
Affected: 6.2.3.11
Affected: 6.2.3.9
Affected: 6.2.3.12
Affected: 6.2.3.13
Affected: 6.2.3.14
Affected: 6.2.3.15
Affected: 6.2.3.16
Affected: 6.2.3.17
Affected: 6.2.3.18
Affected: 6.6.0
Affected: 6.6.0.1
Affected: 6.6.1
Affected: 6.6.3
Affected: 6.6.4
Affected: 6.6.5
Affected: 6.6.5.1
Affected: 6.6.5.2
Affected: 6.6.7
Affected: 6.6.7.1
Affected: 6.4.0
Affected: 6.4.0.1
Affected: 6.4.0.3
Affected: 6.4.0.2
Affected: 6.4.0.4
Affected: 6.4.0.5
Affected: 6.4.0.6
Affected: 6.4.0.7
Affected: 6.4.0.8
Affected: 6.4.0.9
Affected: 6.4.0.10
Affected: 6.4.0.11
Affected: 6.4.0.12
Affected: 6.4.0.13
Affected: 6.4.0.14
Affected: 6.4.0.15
Affected: 6.4.0.16
Affected: 6.7.0
Affected: 6.7.0.1
Affected: 6.7.0.2
Affected: 6.7.0.3
Affected: 7.0.0
Affected: 7.0.0.1
Affected: 7.0.1
Affected: 7.0.1.1
Affected: 7.0.2
Affected: 7.0.2.1
Affected: 7.0.3
Affected: 7.0.4
Affected: 7.0.5
Affected: 7.1.0
Affected: 7.1.0.1
Affected: 7.1.0.2
Affected: 7.1.0.3
Affected: 7.2.0
Affected: 7.2.0.1
Affected: 7.2.1
Affected: 7.2.2
Affected: 7.2.3
Affected: 7.2.4
Affected: 7.3.0
Affected: 7.3.1
Affected: 7.3.1.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:48.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-asa-webvpn-LOeKsNmO",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Adaptive Security Appliance (ASA) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "9.8.1"
            },
            {
              "status": "affected",
              "version": "9.8.1.5"
            },
            {
              "status": "affected",
              "version": "9.8.1.7"
            },
            {
              "status": "affected",
              "version": "9.8.2"
            },
            {
              "status": "affected",
              "version": "9.8.2.8"
            },
            {
              "status": "affected",
              "version": "9.8.2.14"
            },
            {
              "status": "affected",
              "version": "9.8.2.15"
            },
            {
              "status": "affected",
              "version": "9.8.2.17"
            },
            {
              "status": "affected",
              "version": "9.8.2.20"
            },
            {
              "status": "affected",
              "version": "9.8.2.24"
            },
            {
              "status": "affected",
              "version": "9.8.2.26"
            },
            {
              "status": "affected",
              "version": "9.8.2.28"
            },
            {
              "status": "affected",
              "version": "9.8.2.33"
            },
            {
              "status": "affected",
              "version": "9.8.2.35"
            },
            {
              "status": "affected",
              "version": "9.8.2.38"
            },
            {
              "status": "affected",
              "version": "9.8.3.8"
            },
            {
              "status": "affected",
              "version": "9.8.3.11"
            },
            {
              "status": "affected",
              "version": "9.8.3.14"
            },
            {
              "status": "affected",
              "version": "9.8.3.16"
            },
            {
              "status": "affected",
              "version": "9.8.3.18"
            },
            {
              "status": "affected",
              "version": "9.8.3.21"
            },
            {
              "status": "affected",
              "version": "9.8.3"
            },
            {
              "status": "affected",
              "version": "9.8.3.26"
            },
            {
              "status": "affected",
              "version": "9.8.3.29"
            },
            {
              "status": "affected",
              "version": "9.8.4"
            },
            {
              "status": "affected",
              "version": "9.8.4.3"
            },
            {
              "status": "affected",
              "version": "9.8.4.7"
            },
            {
              "status": "affected",
              "version": "9.8.4.8"
            },
            {
              "status": "affected",
              "version": "9.8.4.10"
            },
            {
              "status": "affected",
              "version": "9.8.4.12"
            },
            {
              "status": "affected",
              "version": "9.8.4.15"
            },
            {
              "status": "affected",
              "version": "9.8.4.17"
            },
            {
              "status": "affected",
              "version": "9.8.4.25"
            },
            {
              "status": "affected",
              "version": "9.8.4.20"
            },
            {
              "status": "affected",
              "version": "9.8.4.22"
            },
            {
              "status": "affected",
              "version": "9.8.4.26"
            },
            {
              "status": "affected",
              "version": "9.8.4.29"
            },
            {
              "status": "affected",
              "version": "9.8.4.32"
            },
            {
              "status": "affected",
              "version": "9.8.4.33"
            },
            {
              "status": "affected",
              "version": "9.8.4.34"
            },
            {
              "status": "affected",
              "version": "9.8.4.35"
            },
            {
              "status": "affected",
              "version": "9.8.4.39"
            },
            {
              "status": "affected",
              "version": "9.8.4.40"
            },
            {
              "status": "affected",
              "version": "9.8.4.41"
            },
            {
              "status": "affected",
              "version": "9.8.4.43"
            },
            {
              "status": "affected",
              "version": "9.8.4.44"
            },
            {
              "status": "affected",
              "version": "9.8.4.45"
            },
            {
              "status": "affected",
              "version": "9.8.4.46"
            },
            {
              "status": "affected",
              "version": "9.8.4.48"
            },
            {
              "status": "affected",
              "version": "9.12.1"
            },
            {
              "status": "affected",
              "version": "9.12.1.2"
            },
            {
              "status": "affected",
              "version": "9.12.1.3"
            },
            {
              "status": "affected",
              "version": "9.12.2"
            },
            {
              "status": "affected",
              "version": "9.12.2.4"
            },
            {
              "status": "affected",
              "version": "9.12.2.5"
            },
            {
              "status": "affected",
              "version": "9.12.2.9"
            },
            {
              "status": "affected",
              "version": "9.12.3"
            },
            {
              "status": "affected",
              "version": "9.12.3.2"
            },
            {
              "status": "affected",
              "version": "9.12.3.7"
            },
            {
              "status": "affected",
              "version": "9.12.4"
            },
            {
              "status": "affected",
              "version": "9.12.3.12"
            },
            {
              "status": "affected",
              "version": "9.12.3.9"
            },
            {
              "status": "affected",
              "version": "9.12.2.1"
            },
            {
              "status": "affected",
              "version": "9.12.4.2"
            },
            {
              "status": "affected",
              "version": "9.12.4.4"
            },
            {
              "status": "affected",
              "version": "9.12.4.7"
            },
            {
              "status": "affected",
              "version": "9.12.4.10"
            },
            {
              "status": "affected",
              "version": "9.12.4.13"
            },
            {
              "status": "affected",
              "version": "9.12.4.8"
            },
            {
              "status": "affected",
              "version": "9.12.4.18"
            },
            {
              "status": "affected",
              "version": "9.12.4.24"
            },
            {
              "status": "affected",
              "version": "9.12.4.26"
            },
            {
              "status": "affected",
              "version": "9.12.4.29"
            },
            {
              "status": "affected",
              "version": "9.12.4.30"
            },
            {
              "status": "affected",
              "version": "9.12.4.35"
            },
            {
              "status": "affected",
              "version": "9.12.4.37"
            },
            {
              "status": "affected",
              "version": "9.12.4.38"
            },
            {
              "status": "affected",
              "version": "9.12.4.39"
            },
            {
              "status": "affected",
              "version": "9.12.4.40"
            },
            {
              "status": "affected",
              "version": "9.12.4.41"
            },
            {
              "status": "affected",
              "version": "9.12.4.47"
            },
            {
              "status": "affected",
              "version": "9.12.4.48"
            },
            {
              "status": "affected",
              "version": "9.12.4.50"
            },
            {
              "status": "affected",
              "version": "9.12.4.52"
            },
            {
              "status": "affected",
              "version": "9.12.4.54"
            },
            {
              "status": "affected",
              "version": "9.12.4.55"
            },
            {
              "status": "affected",
              "version": "9.12.4.56"
            },
            {
              "status": "affected",
              "version": "9.12.4.58"
            },
            {
              "status": "affected",
              "version": "9.14.1"
            },
            {
              "status": "affected",
              "version": "9.14.1.10"
            },
            {
              "status": "affected",
              "version": "9.14.1.6"
            },
            {
              "status": "affected",
              "version": "9.14.1.15"
            },
            {
              "status": "affected",
              "version": "9.14.1.19"
            },
            {
              "status": "affected",
              "version": "9.14.1.30"
            },
            {
              "status": "affected",
              "version": "9.14.2"
            },
            {
              "status": "affected",
              "version": "9.14.2.4"
            },
            {
              "status": "affected",
              "version": "9.14.2.8"
            },
            {
              "status": "affected",
              "version": "9.14.2.13"
            },
            {
              "status": "affected",
              "version": "9.14.2.15"
            },
            {
              "status": "affected",
              "version": "9.14.3"
            },
            {
              "status": "affected",
              "version": "9.14.3.1"
            },
            {
              "status": "affected",
              "version": "9.14.3.9"
            },
            {
              "status": "affected",
              "version": "9.14.3.11"
            },
            {
              "status": "affected",
              "version": "9.14.3.13"
            },
            {
              "status": "affected",
              "version": "9.14.3.18"
            },
            {
              "status": "affected",
              "version": "9.14.3.15"
            },
            {
              "status": "affected",
              "version": "9.14.4"
            },
            {
              "status": "affected",
              "version": "9.14.4.6"
            },
            {
              "status": "affected",
              "version": "9.14.4.7"
            },
            {
              "status": "affected",
              "version": "9.14.4.12"
            },
            {
              "status": "affected",
              "version": "9.14.4.13"
            },
            {
              "status": "affected",
              "version": "9.14.4.14"
            },
            {
              "status": "affected",
              "version": "9.14.4.15"
            },
            {
              "status": "affected",
              "version": "9.14.4.17"
            },
            {
              "status": "affected",
              "version": "9.14.4.22"
            },
            {
              "status": "affected",
              "version": "9.14.4.23"
            },
            {
              "status": "affected",
              "version": "9.15.1"
            },
            {
              "status": "affected",
              "version": "9.15.1.7"
            },
            {
              "status": "affected",
              "version": "9.15.1.10"
            },
            {
              "status": "affected",
              "version": "9.15.1.15"
            },
            {
              "status": "affected",
              "version": "9.15.1.16"
            },
            {
              "status": "affected",
              "version": "9.15.1.17"
            },
            {
              "status": "affected",
              "version": "9.15.1.1"
            },
            {
              "status": "affected",
              "version": "9.15.1.21"
            },
            {
              "status": "affected",
              "version": "9.16.1"
            },
            {
              "status": "affected",
              "version": "9.16.1.28"
            },
            {
              "status": "affected",
              "version": "9.16.2"
            },
            {
              "status": "affected",
              "version": "9.16.2.3"
            },
            {
              "status": "affected",
              "version": "9.16.2.7"
            },
            {
              "status": "affected",
              "version": "9.16.2.11"
            },
            {
              "status": "affected",
              "version": "9.16.2.13"
            },
            {
              "status": "affected",
              "version": "9.16.2.14"
            },
            {
              "status": "affected",
              "version": "9.16.3"
            },
            {
              "status": "affected",
              "version": "9.16.3.3"
            },
            {
              "status": "affected",
              "version": "9.16.3.14"
            },
            {
              "status": "affected",
              "version": "9.16.3.15"
            },
            {
              "status": "affected",
              "version": "9.16.3.19"
            },
            {
              "status": "affected",
              "version": "9.16.3.23"
            },
            {
              "status": "affected",
              "version": "9.16.4"
            },
            {
              "status": "affected",
              "version": "9.16.4.9"
            },
            {
              "status": "affected",
              "version": "9.16.4.14"
            },
            {
              "status": "affected",
              "version": "9.16.4.18"
            },
            {
              "status": "affected",
              "version": "9.16.4.19"
            },
            {
              "status": "affected",
              "version": "9.16.4.27"
            },
            {
              "status": "affected",
              "version": "9.17.1"
            },
            {
              "status": "affected",
              "version": "9.17.1.7"
            },
            {
              "status": "affected",
              "version": "9.17.1.9"
            },
            {
              "status": "affected",
              "version": "9.17.1.10"
            },
            {
              "status": "affected",
              "version": "9.17.1.11"
            },
            {
              "status": "affected",
              "version": "9.17.1.13"
            },
            {
              "status": "affected",
              "version": "9.17.1.15"
            },
            {
              "status": "affected",
              "version": "9.17.1.20"
            },
            {
              "status": "affected",
              "version": "9.17.1.30"
            },
            {
              "status": "affected",
              "version": "9.18.1"
            },
            {
              "status": "affected",
              "version": "9.18.1.3"
            },
            {
              "status": "affected",
              "version": "9.18.2"
            },
            {
              "status": "affected",
              "version": "9.18.2.5"
            },
            {
              "status": "affected",
              "version": "9.18.2.7"
            },
            {
              "status": "affected",
              "version": "9.18.2.8"
            },
            {
              "status": "affected",
              "version": "9.18.3"
            },
            {
              "status": "affected",
              "version": "9.18.3.39"
            },
            {
              "status": "affected",
              "version": "9.18.3.46"
            },
            {
              "status": "affected",
              "version": "9.19.1"
            },
            {
              "status": "affected",
              "version": "9.19.1.5"
            },
            {
              "status": "affected",
              "version": "9.19.1.9"
            },
            {
              "status": "affected",
              "version": "9.19.1.12"
            }
          ]
        },
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.2.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.3.2"
            },
            {
              "status": "affected",
              "version": "6.2.3.3"
            },
            {
              "status": "affected",
              "version": "6.2.3.4"
            },
            {
              "status": "affected",
              "version": "6.2.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.3.6"
            },
            {
              "status": "affected",
              "version": "6.2.3.7"
            },
            {
              "status": "affected",
              "version": "6.2.3.8"
            },
            {
              "status": "affected",
              "version": "6.2.3.10"
            },
            {
              "status": "affected",
              "version": "6.2.3.11"
            },
            {
              "status": "affected",
              "version": "6.2.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3.12"
            },
            {
              "status": "affected",
              "version": "6.2.3.13"
            },
            {
              "status": "affected",
              "version": "6.2.3.14"
            },
            {
              "status": "affected",
              "version": "6.2.3.15"
            },
            {
              "status": "affected",
              "version": "6.2.3.16"
            },
            {
              "status": "affected",
              "version": "6.2.3.17"
            },
            {
              "status": "affected",
              "version": "6.2.3.18"
            },
            {
              "status": "affected",
              "version": "6.6.0"
            },
            {
              "status": "affected",
              "version": "6.6.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "6.6.5"
            },
            {
              "status": "affected",
              "version": "6.6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.5.2"
            },
            {
              "status": "affected",
              "version": "6.6.7"
            },
            {
              "status": "affected",
              "version": "6.6.7.1"
            },
            {
              "status": "affected",
              "version": "6.4.0"
            },
            {
              "status": "affected",
              "version": "6.4.0.1"
            },
            {
              "status": "affected",
              "version": "6.4.0.3"
            },
            {
              "status": "affected",
              "version": "6.4.0.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.4"
            },
            {
              "status": "affected",
              "version": "6.4.0.5"
            },
            {
              "status": "affected",
              "version": "6.4.0.6"
            },
            {
              "status": "affected",
              "version": "6.4.0.7"
            },
            {
              "status": "affected",
              "version": "6.4.0.8"
            },
            {
              "status": "affected",
              "version": "6.4.0.9"
            },
            {
              "status": "affected",
              "version": "6.4.0.10"
            },
            {
              "status": "affected",
              "version": "6.4.0.11"
            },
            {
              "status": "affected",
              "version": "6.4.0.12"
            },
            {
              "status": "affected",
              "version": "6.4.0.13"
            },
            {
              "status": "affected",
              "version": "6.4.0.14"
            },
            {
              "status": "affected",
              "version": "6.4.0.15"
            },
            {
              "status": "affected",
              "version": "6.4.0.16"
            },
            {
              "status": "affected",
              "version": "6.7.0"
            },
            {
              "status": "affected",
              "version": "6.7.0.1"
            },
            {
              "status": "affected",
              "version": "6.7.0.2"
            },
            {
              "status": "affected",
              "version": "6.7.0.3"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.0.2.1"
            },
            {
              "status": "affected",
              "version": "7.0.3"
            },
            {
              "status": "affected",
              "version": "7.0.4"
            },
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "7.1.0.1"
            },
            {
              "status": "affected",
              "version": "7.1.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.0.3"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of input that is passed to the VPN web client services component before being returned to the browser that is in use. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious requests to a device that is running Cisco ASA Software or Cisco FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting attacks. The attacker could not directly impact the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:06.740Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-asa-webvpn-LOeKsNmO",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asa-webvpn-LOeKsNmO",
        "defects": [
          "CSCwa04262",
          "CSCwe93561",
          "CSCwf47924",
          "CSCwd95043"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20713",
    "datePublished": "2022-08-10T16:20:10.618Z",
    "dateReserved": "2021-11-02T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:53:04.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2466 (GCVE-0-2022-2466)

Vulnerability from cvelistv5 – Published: 2022-08-31 15:33 – Updated: 2024-08-03 00:39
VLAI
Summary
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a quarkus Affected: quarkus 2.10.3
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:39:07.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/quarkusio/quarkus/issues/26748"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "quarkus",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "quarkus 2.10.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-31T15:33:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/quarkusio/quarkus/issues/26748"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-2466",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "quarkus",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "quarkus 2.10.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/quarkusio/quarkus/issues/26748",
              "refsource": "MISC",
              "url": "https://github.com/quarkusio/quarkus/issues/26748"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2466",
    "datePublished": "2022-08-31T15:33:01.000Z",
    "dateReserved": "2022-07-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:39:07.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0552 (GCVE-0-2022-0552)

Vulnerability from cvelistv5 – Published: 2022-04-11 19:38 – Updated: 2024-08-02 23:32
VLAI
Summary
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a origin-aggregated-logging/elasticsearch Affected: origin-aggregated-logging versions 3.11
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.206Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "origin-aggregated-logging/elasticsearch",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "origin-aggregated-logging versions 3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-11T19:38:32.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0552",
    "datePublished": "2022-04-11T19:38:32.000Z",
    "dateReserved": "2022-02-09T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:32:46.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43797 (GCVE-0-2021-43797)

Vulnerability from cvelistv5 – Published: 2021-12-09 00:00 – Updated: 2024-08-04 04:03
VLAI
Title
HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling
Summary
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Assigner
Impacted products
Vendor Product Version
netty netty Affected: <= 4.1.7.0.Final
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:03:08.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220107-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
          },
          {
            "name": "DSA-5316",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 4.1.7.0.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to \"sanitize\" header names before it forward these to another remote system when used as proxy. This remote system can\u0027t see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-12T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
        },
        {
          "url": "https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220107-0003/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
        },
        {
          "name": "DSA-5316",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5316"
        }
      ],
      "source": {
        "advisory": "GHSA-wx5j-54mm-rqqq",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-43797",
    "datePublished": "2021-12-09T00:00:00.000Z",
    "dateReserved": "2021-11-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:03:08.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41267 (GCVE-0-2021-41267)

Vulnerability from cvelistv5 – Published: 2021-11-24 18:55 – Updated: 2024-08-04 03:08
VLAI
Title
Webcache Poisoning in Symfony
Summary
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted.
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Assigner
Impacted products
Vendor Product Version
symfony symfony Affected: >= 5.2.0, < 5.3.12
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:08:31.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/symfony/symfony/pull/44243"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/symfony/symfony/releases/tag/v5.3.12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "symfony",
          "vendor": "symfony",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.2.0, \u003c 5.3.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the \"trusted_headers\" allowed list are ignored and protect users from \"Cache poisoning\" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the \"trusted_headers\" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-24T18:55:17.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/symfony/symfony/pull/44243"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/symfony/symfony/releases/tag/v5.3.12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487"
        }
      ],
      "source": {
        "advisory": "GHSA-q3j3-w37x-hq2q",
        "discovery": "UNKNOWN"
      },
      "title": "Webcache Poisoning in Symfony",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41267",
          "STATE": "PUBLIC",
          "TITLE": "Webcache Poisoning in Symfony"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "symfony",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 5.2.0, \u003c 5.3.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "symfony"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the \"trusted_headers\" allowed list are ignored and protect users from \"Cache poisoning\" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the \"trusted_headers\" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/symfony/symfony/pull/44243",
              "refsource": "MISC",
              "url": "https://github.com/symfony/symfony/pull/44243"
            },
            {
              "name": "https://github.com/symfony/symfony/releases/tag/v5.3.12",
              "refsource": "MISC",
              "url": "https://github.com/symfony/symfony/releases/tag/v5.3.12"
            },
            {
              "name": "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q",
              "refsource": "CONFIRM",
              "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q"
            },
            {
              "name": "https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487",
              "refsource": "MISC",
              "url": "https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-q3j3-w37x-hq2q",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41267",
    "datePublished": "2021-11-24T18:55:17.000Z",
    "dateReserved": "2021-09-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T03:08:31.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41136 (GCVE-0-2021-41136)

Vulnerability from cvelistv5 – Published: 2021-10-12 15:30 – Updated: 2025-05-27 15:16
VLAI
Title
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Summary
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Impacted products
Vendor Product Version
puma puma Affected: >= 5.0.0, < 5.5.1
Affected: < 4.3.9
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:59:31.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f"
          },
          {
            "name": "DSA-5146",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5146"
          },
          {
            "name": "GLSA-202208-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-28"
          },
          {
            "name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "puma",
          "vendor": "puma",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.5.1"
            },
            {
              "status": "affected",
              "version": "\u003c 4.3.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-27T15:16:10.431Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx"
        },
        {
          "name": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18"
        },
        {
          "name": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f"
        },
        {
          "name": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139"
        }
      ],
      "source": {
        "advisory": "GHSA-48w2-rm65-62xx",
        "discovery": "UNKNOWN"
      },
      "title": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027) in puma"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41136",
    "datePublished": "2021-10-12T15:30:11.000Z",
    "dateReserved": "2021-09-15T00:00:00.000Z",
    "dateUpdated": "2025-05-27T15:16:10.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-39214 (GCVE-0-2021-39214)

Vulnerability from cvelistv5 – Published: 2021-09-16 15:10 – Updated: 2024-08-04 01:58
VLAI
Title
Lacking Protection against HTTP Request Smuggling in mitmproxy
Summary
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above.
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Assigner
References
Impacted products
Vendor Product Version
mitmproxy mitmproxy Affected: < 7.0.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:58:18.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mitmproxy",
          "vendor": "mitmproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response\u0027s HTTP message body. While a smuggled request is still captured as part of another request\u0027s body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-16T15:10:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38"
        }
      ],
      "source": {
        "advisory": "GHSA-22gh-3r9q-xf38",
        "discovery": "UNKNOWN"
      },
      "title": "Lacking Protection against HTTP Request Smuggling in mitmproxy",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-39214",
          "STATE": "PUBLIC",
          "TITLE": "Lacking Protection against HTTP Request Smuggling in mitmproxy"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mitmproxy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 7.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mitmproxy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response\u0027s HTTP message body. While a smuggled request is still captured as part of another request\u0027s body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38",
              "refsource": "CONFIRM",
              "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-22gh-3r9q-xf38",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-39214",
    "datePublished": "2021-09-16T15:10:10.000Z",
    "dateReserved": "2021-08-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:58:18.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433].

Mitigation
Implementation

Use only SSL communication.

Mitigation
Implementation

Terminate the client session after each request.

Mitigation
System Configuration

Turn all pages to non-cacheable.

CAPEC-273: HTTP Response Smuggling

An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).

See CanPrecede relationships for possible consequences.

CAPEC-33: HTTP Request Smuggling

An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers, request-line and body parameters as well as message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).

See CanPrecede relationships for possible consequences.