HTTP Request Smuggling happens when a disparity in how a front-end proxy or load balancer and a back-end server interpret HTTP requests results in those requests becoming desynchronised.
This can lead to a range of attacks, including web cache poisoning, credential hijacking, cross-user attacks, and WAF (web application firewall) bypassing.
It occurs due to ambiguity in how the parties handle the Transfer-Encoding (TE) and Content-Length (CL) headers, or owing to a mismatch between the two in how they handle HTTP elements.
There are several methods to detect targets that may be susceptible, and once a target is identified, there are numerous ways to exploit the request boundary desynchronisation.
Mitigations include dropping duplicated headers, normalising headers, strict parsing of TE, and enforcing HTTP/2 as a single protocol.