HTTP request smuggling

HTTP request smuggling is a security exploit against the HTTP protocol that relies on inconsistent interpretation of the Content-Length and/or Transfer-Encoding headers between the HTTP server implementations in a proxy chain.[1][2] It was first documented in 2005 and was repopularized by PortSwigger's research.[3]

Types

CL.TE

In this type of HTTP request smuggling, the front end frames the request using the Content-Length header while the back end frames it using the Transfer-Encoding header.[3]

TE.CL

In this type of HTTP request smuggling, the front end frames the request using the Transfer-Encoding header while the back end frames it using the Content-Length header.[3]

Prevention

HTTP/2 should be used for back-end connections, and web servers that accept the same type of HTTP framing header should be used throughout the chain.[3]

References


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.