|
|
|
|
|
|
by albinowax_
1774 days ago
|
|
|
Good question! So, my understanding is that the majority of servers that are vulnerable to regular cross-user HTTP Request Smuggling (IE, reuse connections to the back-end server) are exposed to this terrifying response queue poisoning attack. This applies to all desync types CL.TE, TE.CL, H2.CL, etc. The reason I discovered this in the H2.X case, is because it's particularly easy to trigger response queue poisoning by accident in this scenario. That said, I haven't actually tested this on very many live servers, for obvious reasons! |
|
|