HTTP Request Smuggling
cyphersteve writes "Multiple vendors are vulnerable to a new class of attack named 'HTTP Request Smuggling' that revolves around piggybacking an HTTP request inside of another HTTP request, which could let a remote malicious user conduct cache poisoning, cross-site scripting, session hijacking, as well as bypassing web application firewall protection and other attacks. HTTP Request Smuggling works by taking advantage of the discrepancies in parsing when one or more HTTP devices are between the user and the web server. CERT has ranked this attack and the associated vulnerabilities found in multiple products as High Risk. The authors (Amit Klein, Steve Orrin, Ronen Heled, and Chaim Linhart) have published a whitepaper describing this technique in detail."
Bah, I'm a reseller who enjoys a product... is it so wrong to share it with people? I have no dog in this fight.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
Nice.
I was about to cut and paste your "and and", then say "You will not." Unfortunately I cannot, so the rest of this post is not directed at you. Instead it is a rant about Firefox.
One of Firefox's NUMEROUS bugs just bit, and I can no longer cut and paste!
Somebody kindly fix Firefox's NUMEROUS MEMORY LEAKS!
Jesus, now I can NOT use the goddamn APOSTROPHE without it jumping to the FIND bar!
If this shit keeps up, it IS back to Opera!
Mozilla, STOP adding FEATURES until you FIX THE FUCKING BUGS!
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!