Vulnerabilities
HTTP Desync Attack
Also known as: HTTP/1.1 desync, Connection-state attack
Definition
A modern form of HTTP request smuggling that desynchronises a chain of proxies and servers to inject malicious traffic into other users' connections.
Examples
- HTTP/2-to-HTTP/1.1 downgrade desync that exfiltrates other users' session cookies.
- Front-end keep-alive desync that hijacks the next request to an internal admin URL.
Related terms
HTTP Request Smuggling
An attack that exploits disagreements between a front-end proxy and a back-end server on how an HTTP request ends, so an attacker can sneak a hidden second request through.
HTTP Response Splitting
An injection vulnerability where untrusted CR/LF characters in user input force the server to emit additional, attacker-controlled HTTP responses.
Cache Poisoning
An attack that stores a malicious response in a shared cache so that other users later receive the attacker's content.
Web Cache Deception
An attack where a malicious URL tricks an intermediary cache into storing a victim's authenticated, sensitive response under a publicly cacheable path.
Reverse Proxy
Session Hijacking
An attack that takes over a victim's authenticated session by stealing or forging the session identifier so the attacker can act as the user without their credentials.