I found a bug in Proxygen's HTTP parser that is usable to execute request smuggling attacks against Proxygen-based web services when they are running behind any of the following HTTP intermediary servers:
Apache Traffic Server
Google Cloud Classic Application Load Balancer
Akamai
Unfortunately, I can't report this vulnerability without a Facebook account, which I don't have. Could someone from the Proxygen team please get in touch with me using email? My email address is at the bottom of my webpage.
I found a bug in Proxygen's HTTP parser that is usable to execute request smuggling attacks against Proxygen-based web services when they are running behind any of the following HTTP intermediary servers:
Unfortunately, I can't report this vulnerability without a Facebook account, which I don't have. Could someone from the Proxygen team please get in touch with me using email? My email address is at the bottom of my webpage.
Thanks!