An external audit of our APIs has revelled that we're vulnerable to an HTTP Request Smuggling attack, where a maliciously crafted request contains both a Content-Length and Transfer-Encoding:Chunked header, or two Content-Length headers. This can result in two requests being sent to the target.
Is there a known solution to this?
LinkedIn
Twitter
