> all 15 compromised Ukrainian sites were using an outdated version of the October CMS, vulnerable to CVE-2021-32648.
That cve looks like it was caused by someone doing == instead of === in php.
My question was things like request smuggling and protocol abuse attacks have ever been seen in the "wild".
> all 15 compromised Ukrainian sites were using an outdated version of the October CMS, vulnerable to CVE-2021-32648.
That cve looks like it was caused by someone doing == instead of === in php.
My question was things like request smuggling and protocol abuse attacks have ever been seen in the "wild".