General Information

HTTP Request Smuggling

Variants:
Direct 

Also Known As:
HTTP Request Splitting

Vector Type:
Attack

Relevance:
Generic

Layer:
Web-Infrastructure-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Web Server Configuration, Hardening

Invented In:
01/06/2005

Added In:
09/12/2014


Vector Operation Method:
Use abnormal HTTP requests to abuse HTTP parsing differences between server-side components (often proxies) and smuggle requests to the server, in order to achieve effects such as proxy cache poisoning, XSS, and bypassing firewall restrictions.


Direct Variant:

HTTP Request Smuggling

Also Known As:
HTTP Request Splitting

Typical Severity:
Medium

Learn More: