Request smuggling vulnerability in Proxygen #486

Open
@kenballus

Description

I found a bug in Proxygen's HTTP parser that is usable to execute request smuggling attacks against Proxygen-based web services when they are running behind any of the following HTTP intermediary servers:

  • Apache Traffic Server
  • Google Cloud Classic Application Load Balancer
  • Akamai

Unfortunately, I can't report this vulnerability without a Facebook account, which I don't have. Could someone from the Proxygen team please get in touch with me using email? My email address is at the bottom of my webpage.

Thanks!
