Multiple vendors are vulnerable to a new class of attack named ‘HTTP
Request Smuggling’ that revolves around piggybacking a HTTP request
inside of another HTTP request, which could let a remote malicious user
conduct cache poisoning, cross-site scripting, session hijacking, as
well as bypassing web application firewall protection and other
attacks. CERT has ranked this attack and the associated vulnerabilties
found in multiple products as High Risk. more