Polarizing Parsers
9 months ago
- #Security
- #Proxy
- #HTTP
- The web is predicted to crash due to a redux of request smuggling vulnerabilities.
- HTTP/1.1 servers may be vulnerable to attacks involving duplicate Content-Length headers.
- Go-based proxies and servers may handle requests uniformly, reducing vulnerability.
- The proxy design ensures that once a request is parsed, it remains consistent for backends.
- PortSwigger identified an access control bypass using duplicate Host headers.
- The issue may stem from proxies like Akamai sending invalid requests rather than protocol flaws.
- A countdown suggests imminent revelation regarding the vulnerability's impact.