HTTP request smuggling

Description

The system uses one or more entities, such as a proxy or a firewall, to process requests between the client and the server. These entities do not process HTTP requests consistently, thus making it possible to post malformed requests to get one of the entities to process a request without the other ones noticing it. The reason the entities do not process the requests consistently is that the web server software each one uses delimits requests differently.

Impact

Allow an attacker to send an ambiguous HTTP request between front-end and back-end system.

Recommendation

Use the same web servers software on the front-end and back-end servers, making the delimiters among the requests coincide each other.

Threat

Unauthorized attacker from the Internet.

Expected Remediation Time

⌚ minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the src.

Base

• Attack vector: N
• Attack complexity: L
• Privileges required: N
• User interaction: N
• Scope: U
• Confidentiality: L
• Integrity: L
• Availability: N

Temporal

• Exploit code madurity: X
• Remediation level: X
• Report confidence: X

Result

• Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X
• Score:
  • Base: 6.5
  • Temporal: 6.5
• Severity:
  • Base: Medium
  • Temporal: Medium

Requirements

• 062.Define standard configurations
• 173.Discard unsafe inputs
• 266.Disable insecure functionalities

Fixes

• Go
• Java
• Scala

free trial

Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.