Slashdot Mirror


Apache Request Smuggling Vulnerability Found

An anonymous reader writes "Whitedust is reporting on a HTTP request smuggling vulnerability in Apache. The flaw apparently allows attackers to piggy back valid HTTP requests over the 'Content-Length:' header, which can result in cache poisoning, cross-site scripting, session hijacking and other various kinds of attack. This flaw affects most of the 2.0.x branch of Apache's HTTPD server."

2 of 168 comments (clear)

  1. Oh shit by Anonymous Coward · · Score: -1, Redundant

    not good not good

  2. yet another by Anonymous Coward · · Score: -1, Redundant

    reason not to use the 2.x series

    too many cooks spoil the broth