A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Go
Published: 2023-01-13T22:46:22.064Z
Updated: 2024-08-03T12:49:43.550Z
Reserved: 2022-09-28T17:00:06.609Z
Link: CVE-2022-41721
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-13T23:15:09.250
Modified: 2024-11-21T07:23:44.170
Link: CVE-2022-41721
Redhat