Discrepancies in how front-end and back-end servers parse HTTP requests allow attackers to smuggle ambiguous requests, bypassing security controls and interfering with other users' requests.
An attacker could bypass security controls, gain unauthorized access to sensitive data, poison web caches, hijack other users' requests, or perform cross-site scripting attacks.
Ensure consistent HTTP parsing between front-end and back-end servers. Use HTTP/2 end-to-end where possible. Disable connection reuse on back-end connections. Normalize ambiguous requests at the front-end proxy.