CVE-2021-41436

HIGH Year: 2021
CVSS v3 Score
7.5
High
CVSS v2 Score
7.8
High
Weakness Type
CWE-444
View all →

Vulnerability Description

An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.

Related Vulnerabilities

CVE-2017-12165

HIGH
CVSS:7.5(High)

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

CWE-4442017

CVE-2017-7656

HIGH
CVSS:7.5(High)

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line ...

CWE-4442017

CVE-2019-1020012

HIGH
CVSS:7.5(High)

parse-server before 3.4.1 allows DoS after any POST to a volatile class.

CWE-4442019

CVE-2019-16276

HIGH
CVSS:7.5(High)

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

CWE-4442019

CVE-2019-16785

HIGH
CVSS:7.5(High)

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize ...

CWE-4442019

CVE-2019-16786

HIGH
CVSS:7.5(High)

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header i...

CWE-4442019