How severe is CVE-2021-46825?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2021-46825?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2021-46825 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Related Vulnerabilities

CVE-2018-21245

CRITICAL

CVSS:9.1(Critical)

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

CWE-4442018

CVE-2018-3907

CRITICAL

CVSS:9.1(Critical)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pip...

CWE-4442018

CVE-2018-3908

CRITICAL

CVSS:9.1(Critical)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipel...

CWE-4442018

CVE-2018-3909

CRITICAL

CVSS:9.1(Critical)

CWE-4442018

CVE-2019-20444

CRITICAL

CVSS:9.1(Critical)

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid...

CWE-4442019

CVE-2019-20445

CRITICAL

CVSS:9.1(Critical)

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CWE-4442019