Apache HTTP Request Smuggling Vulnerability
Apache is prone to an HTTP-request-smuggling attack.
A specially crafted request with a 'Transfer-Encoding: chunked' header and a 'Content-Length' header can cause the server to forward a reassembled request with the original 'Content-Length' header. As a result, the malicious request may piggyback on the valid HTTP request.
This attack may result in cache poisoning, cross-site scripting, session hijacking, and other attacks.
NOTE: This issue was originally described in BID 13873 (Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities). Since vendor confirmation and more details are available, the issue has now been assigned a new BID.