Re: [#95] Multiple Content-Lengths from William A. Rowe Jr. on 2010-10-13 (ietf-http-wg@w3.org from October to December 2010)

From: William A. Rowe Jr. <wrowe@rowe-clan.net>
Date: Tue, 12 Oct 2010 21:05:50 -0500
To: Adrien de Croy <adrien@qbik.com>
CC: Willy Tarreau <w@1wt.eu>, Adam Barth <w3c@adambarth.com>, Julian Reschke <julian.reschke@gmx.de>, "William Chan (?????????)" <willchan@chromium.org>, "Roy T. Fielding" <fielding@gbiv.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <4CB513FE.4010606@rowe-clan.net>

On 10/12/2010 3:47 PM, Adrien de Croy wrote:
> 
> I'm struggling to see how this could be used in an attack though.

Familiarize yourself with the Watchfire HTTP Smuggling attack vector.
http://svn.apache.org/repos/asf/httpd/docs-build/trunk/

Received on Wednesday, 13 October 2010 02:06:32 UTC