protocol-http1 is vulnerable to HTTP Request Smuggling. The vulnerability exists in the `read` function of `chunked.rb` because its HTTP/1 implementation does not conform to the RFC specification, for example by allowing Content-Length header values with a `+` or `0x` prefix, which can lead to HTTP request smuggling and firewall bypassing.
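
The parsing leniency described above, as an added example (not code from protocol-http1): Ruby's `Integer()` accepts a sign or `0x` prefix, while RFC 9110 defines Content-Length as ASCII digits only. The function names and sample values are constructed for illustration.

```ruby
# Added example, not protocol-http1 code. Function names are hypothetical.

# RFC 9110: Content-Length = 1*DIGIT (ASCII digits only, no sign, no prefix).
STRICT_CONTENT_LENGTH = /\A[0-9]+\z/

# Lenient parse, the kind of behaviour the advisory describes: Kernel#Integer
# accepts a leading sign, a radix prefix, underscores and surrounding whitespace.
def lenient_content_length(value)
  Integer(value)
rescue ArgumentError
  nil
end

# Strict parse: reject anything that is not a plain run of ASCII digits.
def strict_content_length(value)
  return nil unless STRICT_CONTENT_LENGTH.match?(value)
  value.to_i
end

# Constructed sample header values.
SAMPLES = ["42", "+42", "0x2A", "4_2", " 42", "42\n", ""]

# Parse every value both ways so the results can be compared side by side.
def audit(values)
  values.map do |v|
    { value: v, lenient: lenient_content_length(v), strict: strict_content_length(v) }
  end
end

# Values a lenient parser accepts but a strict one rejects: on these inputs a
# front-end proxy and the back-end can disagree about where the body ends.
def disagreements(values)
  audit(values).select { |r| r[:lenient] && r[:strict].nil? }.map { |r| r[:value] }
end

if __FILE__ == $0
  audit(SAMPLES).each { |r| puts r.inspect }
  puts "accepted only by the lenient parser: #{disagreements(SAMPLES).inspect}"
end
```

A server that rejects every value in the disagreement list with a 400 response removes the ambiguity, whatever the intermediary in front of it does.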

CPE

Name | Operator | Version |
---|---|---|
protocol-http1 | le | 0.15.0 |