meinheld is vulnerable to HTTP request smuggling. Lack of validation in the Content-Length
header and Transfer Encoding
headers allowed an attacker to perform HTTP smuggling attacks which could lead to XSS attacks and poisonining a user’s web-cache and allows the attacker to obtain confidential information.