HTTP parser could be vulnerable to some attacks

[Az107]

The HTTP parser is vulnerable and not totally compliant with HTTP RFC
Some attacks could include:

• request malformation
• infinite request (DDOS)

[Az107]

Later tests show that a malicious agent could try to send malformed requests, making the server waste CPU and memory trying to process them.
For example, a request with infinite headers or an incomplete body could block the request forever in the worker queue.