Slashdot Mirror

← Back to Stories (view on slashdot.org)

HTTP Request Smuggling

Posted by CmdrTaco on from the this-could-get-fun dept.

cyphersteve writes "Multiple vendors are vulnerable to a new class of attack named 'HTTP Request Smuggling' that revolves around piggybacking a HTTP request inside of another HTTP request, which could let a remote malicious user conduct cache poisoning, cross-site scripting, session hijacking, as well as bypassing web application firewall protection and other attacks. HTTP Request Smuggling works by taking advantage of the discrepancies in parsing when one or more HTTP devices are between the user and the web server. CERT has ranked this attack and the associated vulnerabilties found in multiple products as High Risk. The authors (Amit Klein, Steve Orrin, Ronen Heled, and Chaim Linhart) have published a whitepaper describing this technique in detail."

2 of 99 comments (clear)

  1. Be very careful by Anonymous Coward · · Score: 5, Funny

    It is unethical and immoral. Some HTTP requests even time-out and have died doing this! Also be aware that some vigilante border gateway protocols have sprung up in the south looking for smuggled HTTP requests. Also new federal legislation may require all web servers to validate the HTTP request's green packets before responding.

  2. Re:and here's where... by Anonymous Coward · · Score: 5, Interesting

    Actually the whitepaper sates that IIS and Apache automatically dump the malformed packet.

    Microsoft does write a few good lines of code.