IronBits
07-08-2005, 10:14 AM
Extract:
All versions of Apache previous to 2.1.6 are vulnerable to a HTTP request smuggling attack which can allow malicious piggybacking of false HTTP requests hidden within valid content. This method of HTTP Request Smuggling was first discussed by Watchfire some time ago. The issue has been addressed by an update to version 2.1.6.
http://www.whitedust.net/speaks/825/Apache%20Request%20Smuggling%20Vulnerability/
All versions of Apache previous to 2.1.6 are vulnerable to a HTTP request smuggling attack which can allow malicious piggybacking of false HTTP requests hidden within valid content. This method of HTTP Request Smuggling was first discussed by Watchfire some time ago. The issue has been addressed by an update to version 2.1.6.
http://www.whitedust.net/speaks/825/Apache%20Request%20Smuggling%20Vulnerability/