All versions of Apache previous to 2.1.6 are vulnerable to a HTTP request smuggling attack which can allow malicious piggybacking of false HTTP requests hidden within valid content. This method of HTTP Request Smuggling was first discussed by Watchfire some time ago. The issue has been addressed by an update to version 2.1.6.

The vulnerability involves a crafted request with a 'Transfer-Encoding: chunked' header and a 'Content-Length' can cause Apache to forward a modified request with the original 'Content-Length' header. The malicious request may then piggyback with the valid HTTP request possibly resulting in cache poisoning, cross-site scripting, session hijacking and other various kinds of attack. This vulnerability has resurfaced due to vendor confirmation, the original Watchfire Whitepaper on HTTP Request Smuggling is here.

addict3d reports that mostly all Apache 2.0.x versions, on the major platforms, are vulnerable to this attack. Apache has promptly released a 2.1.6 version of their HTTP software to address this issue.

The link for this article located at Whitedust Security is no longer available.