Hiawatha Webserver Request Smuggling Vulnerability

Vulnerability

A request smuggling vulnerability has been identified in Hiawatha Webserver version 11.7. This issue arises from improper header parsing, which may allow an unauthenticated attacker to access restricted resources managed by the webserver.

Impact

Exploitation of this vulnerability could lead to unauthorized access to restricted resources on the server.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP request that takes advantage of the server's improper header parsing. This can be done by manipulating the 'Content-Length' or 'Transfer-Encoding' headers to create a smuggling effect, where one part of the request is processed differently than intended, potentially allowing access to restricted resources.
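A defensive check for the header ambiguity described above, as an added example that is not part of the advisory and not Hiawatha's code. It applies the general RFC 9112 framing rules that a front-end filter or log reviewer can enforce; the advisory does not detail the exact parsing flaw in 11.7, so this does not reproduce it. The function name and the sample request heads are constructed for illustration.

```python
import re

# Characters RFC 9110 allows in a header field name (a "token").
TOKEN = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+")

def framing_findings(raw: bytes) -> list:
    """Return the reasons a raw request head has ambiguous body framing."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    findings, cl, te = [], [], []
    if b"\n" in head.replace(b"\r\n", b""):
        findings.append("bare LF line terminator")
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        if line[:1] in (b" ", b"\t"):
            findings.append("obsolete line folding")
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append("header line without colon")
            continue
        if not TOKEN.fullmatch(name):             # e.g. "Transfer-Encoding : chunked"
            findings.append("invalid header name %r" % name.decode("latin-1"))
        key = name.strip().lower()
        if key == b"content-length":
            cl.append(value.strip(b" \t"))
        elif key == b"transfer-encoding":
            te.append(value.strip(b" \t").lower())
    if cl and te:
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values")
    if any(not re.fullmatch(rb"[0-9]+", v) for v in cl):
        findings.append("non-numeric Content-Length")
    if te and b",".join(te).split(b",")[-1].strip() != b"chunked":
        findings.append("final transfer coding is not chunked")
    return findings

# Constructed sample request heads (no bodies), not taken from the advisory.
HEAD = b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
CLEAN = HEAD + b"Content-Length: 5\r\n\r\n"
BOTH = HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
SPACED = HEAD + b"Transfer-Encoding : chunked\r\n\r\n"
DUPLICATE = HEAD + b"Content-Length: 5\r\nContent-Length: 6\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("both", BOTH), ("spaced", SPACED), ("duplicate", DUPLICATE)]:
        print(label, framing_findings(req) or "ok")
```

Any non-empty result is a request that a proxy and the origin server could frame differently, so rejecting it with a 400 and closing the connection is the safe handling.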

Added: Jan 26, 2026, 6:36 PM
Updated: Jan 26, 2026, 9:21 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 2.5
exploitability: 8.0
remediation: 0.0
relevance: 2.4
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.