net/http: denial of service due to improper 100-continue handling

The net/http HTTP/1.1 client mishandled the case where a
server responds to a request with an "Expect: 100-continue"
header with a non-informational (200 or higher) status. This
mishandling could leave a client connection in an invalid
state, where the next request sent on the connection will
fail.

An attacker sending a request to a
net/http/httputil.ReverseProxy proxy can exploit this
mishandling to cause a denial of service by sending "Expect:
100-continue" requests which elicit a non-informational
response from the backend. Each such request leaves the
proxy with an invalid connection, and causes one subsequent
request using that connection to fail.