On 18/12/2023 09:50, purtrator wrote:
There are many types of things one can do with HTTP Request Smuggling,
is this an attack where header theft, cache poisoning or even response
queue poisoning is possible?
What are the possible damage scenarios?
Assume that any attack enabled by request smu
There are many types of things one can do with HTTP Request Smuggling,
is this an attack where header theft, cache poisoning or even response
queue poisoning is possible?
What are the possible damage scenarios?
And finally I wonder what the restrictions of this issue are
Does it work over HTTP/2
On 14/12/2023 16:13, Benny Prange wrote:
Am Do., 14. Dez. 2023 um 16:51 Uhr schrieb Mark Thomas :
On 14/12/2023 15:33, Benny Prange wrote:
Hi all,
I am having trouble understanding the description of CVE-2023-46589.
Does this CVE affect scenarios where the Apache Tomcat is the reverse
proxy,
Am Do., 14. Dez. 2023 um 16:51 Uhr schrieb Mark Thomas :
> On 14/12/2023 15:33, Benny Prange wrote:
> > Hi all,
> >
> > I am having trouble understanding the description of CVE-2023-46589.
> > Does this CVE affect scenarios where the Apache Tomcat is the reverse
> > proxy, or or when the Apache To
On 14/12/2023 15:33, Benny Prange wrote:
Hi all,
I am having trouble understanding the description of CVE-2023-46589.
Does this CVE affect scenarios where the Apache Tomcat is the reverse
proxy, or or when the Apache Tomcat is running behind a reverse proxy?
Is the Tomcat vulnerable to request s
Hi all,
I am having trouble understanding the description of CVE-2023-46589.
Does this CVE affect scenarios where the Apache Tomcat is the reverse
proxy, or or when the Apache Tomcat is running behind a reverse proxy?
Is the Tomcat vulnerable to request smuggling, or other applications
running beh
