Tootfinder

@kubikpixel@chaos.social
2025-10-13 05:05:40

HTTP/1.1 must die: the desync endgame
Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it.
🌐 portswigger.net/research/http1

@fanf@mendeddrum.org
2025-10-31 18:42:01

from my link log —
HTTP desync attacks: request smuggling reborn.
portswigger.net/research/http-
saved 2020-03-13