Altitude Communication Server CVE-2025-41082
Lifecycle Timeline
2DescriptionCVE.org
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.
AnalysisAI
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers.
Technical ContextAI
Classified as CWE-444 (HTTP Request/Response Smuggling). Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.
Affected ProductsAI
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a s
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-444 – HTTP Request/Response Smuggling
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today