Full title: Apache 2.4.55 mod_proxy HTTP Request Smuggling Exploit 
Category: web applications
Platform: multiple
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.

# 0day.today @ http://0day.today/