Slashdot Mirror


Apache Request Smuggling Vulnerability Found

An anonymous reader writes "Whitedust is reporting on a HTTP request smuggling vulnerability in Apache. The flaw apparently allows attackers to piggy back valid HTTP requests over the 'Content-Length:' header, which can result in cache poisoning, cross-site scripting, session hijacking and other various kinds of attack. This flaw affects most of the 2.0.x branch of Apache's HTTPD server."

1 of 168 comments (clear)

  1. Wait a sec.. by rylin · · Score: 5, Interesting

    1.3.x is very stable and production ready
    2.0.x is very stable and production ready, but it doesn't have the same amount of years on its neck as 1.3.x - and thus doesn't have as widespread deployment.
    2.1.x is alpha-quality, and it has the fix..

    messed up priorities?