Dark Reading

New HTTP Request Smuggling Attacks Target Web Browsers

BLACK HAT USA – LAS VEGAS – A security researcher who previously demonstrated how attackers can abuse weaknesses in the way websites handle HTTP requests warned that the same issues can be used in ...
Security Boulevard

Hidden Risks Behind HTTP Request Smuggling

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...
ZDNet

HAProxy urges users to update after HTTP request smuggling vulnerability found

Users of HAProxy 2.0 and later versions are being urged to push through updates after a vulnerability was found that could allow "an attacker to bypass the check for a duplicate HTTP Content-Length ...
Dark Reading

Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks

A researcher has created a method for testing and identifying how HTTP/HTTPS headers can be abused to sneak malicious code into back-end servers. Daniel Thatcher, researcher and penetration tester at ...
Bleeping Computer

Slack Bug Allowed Automating Account Takeover Attacks

Slack has fixed a security flaw that allowed hackers to automate the takeover of arbitrary accounts after stealing session cookies using an HTTP Request Smuggling CL ...