Re: i19 Bodies on GET (and other) requests

Henrik Nordstrom wrote:
> Hmm.. maybe there is also request smuggling attacks possible
> here if there is some server/proxy software ignoring that there may be a
> request body..

See also "Content-Length : 12345" (note the space).  I think that is
interpreted as a Content-Length header by some agents, and a
"Content-Length " header by others (i.e. not implying a body), and
disallowed as bad syntax by others.  Ample opportunities for request

-- Jamie

Received on Tuesday, 16 January 2007 22:06:45 UTC