We had the Insecure Deployment: HTTP Request Smuggling vulnerability appear on a site recently. The site is HTTPS only. How can there be HTTP request smuggling occuring on a site that doesn't use HTTP?
On the report, this issue and every other discovered issue are off of https://the.site:443/
The fact that https is even referred to twice in the target url makes me wonder about the credibility of this finding.
The articles that I've read regarding this say to use certificates and SSL to mitigate.
Any insight into this issue would be great!