Tag
Jetty HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
2 rules 1 TTP 1 CVE 2 IOCsJetty is vulnerable to HTTP request smuggling due to improper parsing of quoted strings in HTTP/1.1 chunked transfer encoding extension values, potentially allowing attackers to inject arbitrary HTTP requests, poison caches, and bypass security controls.
Eclipse Jetty HTTP/1.1 Request Smuggling via Chunk Extensions (CVE-2026-2332)
2 rules 3 TTPs 1 CVE 2 IOCsEclipse Jetty's HTTP/1.1 parser is vulnerable to request smuggling due to improper handling of chunk extensions, allowing attackers to inject malicious requests.
Apache Traffic Server Vulnerabilities Leading to Denial of Service
2 rules 2 TTPsA remote attacker can exploit multiple vulnerabilities in Apache Traffic Server to conduct a denial of service or request smuggling attack.
Undertow Request Smuggling Vulnerability (CVE-2026-28368)
2 rules 1 TTPCVE-2026-28368 is a vulnerability in Undertow that allows a remote attacker to construct specially crafted requests, leading to request smuggling attacks and potential bypass of security controls, resulting in unauthorized resource access.
Undertow HTTP Request Smuggling Vulnerability (CVE-2026-28367)
2 rules 1 TTPA remote attacker can exploit CVE-2026-28367 in Undertow by sending '\r\r\r' as a header block terminator, leading to request smuggling on vulnerable proxy servers.
Netty HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
2 rules 1 TTP 2 IOCsNetty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks by terminating chunk header parsing at \r\n inside quoted strings instead of rejecting the malformed request.