Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’) |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The app service is not configured to use HTTP/2, so clients fall back to HTTP/1.1 and the service may miss the security and performance improvements that the newer protocol provides. Enabling HTTP/2 helps ensure secure and efficient communication between clients and your application.
Impact
If HTTP/2 is not enabled, the app may be more susceptible to attacks such as HTTP request smuggling, in which two components handling the same connection disagree about where one request ends and the next begins, and it could miss out on protocol-level security improvements. This can expose the application to vulnerabilities that allow attackers to intercept, manipulate, or disrupt traffic, potentially compromising user data or application functionality.
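One way to check for this condition before deployment, added here as an example and not part of the original rule: the script walks the JSON form of a Terraform plan and lists app services whose planned configuration does not enable HTTP/2. It assumes the app service is an Azure App Service managed with the azurerm provider (the page names neither), and the plan data embedded in it is constructed for illustration.

```python
import json

# Assumption: the page does not name a platform. These are the azurerm
# resource types whose site_config block has an http2_enabled argument.
APP_SERVICE_TYPES = {
    "azurerm_app_service", "azurerm_linux_web_app", "azurerm_windows_web_app",
}

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def apps_without_http2(plan):
    """Return sorted addresses of app services that do not enable HTTP/2."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") not in APP_SERVICE_TYPES:
            continue
        # Nested blocks are lists in plan JSON; an absent or empty block
        # means the setting was never turned on, so it counts as a finding.
        blocks = (res.get("values") or {}).get("site_config") or [{}]
        if blocks[0].get("http2_enabled") is not True:
            findings.append(res["address"])
    return sorted(findings)

# Constructed sample in the shape produced by `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_linux_web_app.api", "type": "azurerm_linux_web_app",
     "values": {"site_config": [{"http2_enabled": true}]}},
    {"address": "azurerm_linux_web_app.legacy", "type": "azurerm_linux_web_app",
     "values": {"site_config": [{"http2_enabled": false}]}},
    {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account",
     "values": {}}],
  "child_modules": [{"address": "module.portal", "resources": [
    {"address": "module.portal.azurerm_windows_web_app.front",
     "type": "azurerm_windows_web_app",
     "values": {"site_config": [{"always_on": true}]}}]}]}}}
""")

if __name__ == "__main__":
    for address in apps_without_http2(SAMPLE_PLAN):
        print(f"HTTP/2 not enabled: {address}")
```

A resource that sets the flag to false and one that omits it are both reported, since in either case the service is left on HTTP/1.1.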