# HTTP Request Smuggling



## mimo2005 (Oct 2, 2004)

Multiple vendors are vulnerable to a new class of attack named 'HTTP Request Smuggling' that revolves around piggybacking a HTTP request inside of another HTTP request, which could let a remote malicious user conduct cache poisoning, cross-site scripting, session hijacking, as well as bypassing web application firewall protection and other attacks.

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf


----------

