On 18/12/2023 09:50, purtrator wrote:
> There are many types of things one can do with HTTP Request Smuggling.
> Is this an attack where header theft, cache poisoning or even response
> queue poisoning is possible?
>
> What are the possible damage scenarios?

Assume that any attack enabled by request smuggling is possible.

> And finally I wonder what the restrictions of this issue are.
> Does it work over HTTP/2 or HTTP/1.1 or both?

HTTP/1.1 only.

The use of separate streams in HTTP/2 for each request prevents this type of attack.

Mark
