Description
When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Scope: Integrity, Non-Repudiation, Access Control. Technical Impact: Unexpected State, Hide Activities, Bypass Protection Mechanism.
An attacker could craft a request that exploits a number of weaknesses, including: 1) the request can trick the web server into associating a URL with another URL's webpage and caching the contents of that webpage (web cache poisoning attack); 2) the request can be structured to bypass the firewall's protection mechanisms and gain unauthorized access to a web application; and 3) the request can invoke a script or a page that returns client credentials (similar to a Cross Site Scripting attack).
Potential Mitigations
Phase: Implementation
Description:
Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433].
Phase: Implementation
Description:
Use only SSL communication.
Phase: Implementation
Description:
Terminate the client session after each request.
Phase: System Configuration
Description:
Make all pages non-cacheable.
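The description above and the "strict HTTP parsing" mitigation both come down to one rule: a server must refuse any request whose body length two parsers could compute differently. The following added example (written for this page, not code from CWE or from any web server) is a small strict framing check that rejects the ambiguous header combinations named in the CVE references, such as Transfer-Encoding together with Content-Length, conflicting Content-Length values, whitespace before the colon, bare LF line endings and a Transfer-Encoding that is not exactly a final "chunked". The function name and the returned dict layout are this example's own choices.

```python
import re

class FramingError(ValueError):
    """Request framing is ambiguous or malformed; the request must be rejected."""

# RFC 7230 "token" characters, the only ones allowed in a header field name.
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_request(raw: bytes) -> dict:
    """Parse one HTTP/1.x request and decide its body framing strictly.
    Raises FramingError on anything two lenient parsers could read differently:
    bare LF, whitespace before the colon, TE together with CL, duplicate or
    non-numeric CL, or a TE that is not exactly a single final "chunked".
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("header block not terminated by CRLF CRLF")
    if b"\n" in head.replace(b"\r\n", b""):
        raise FramingError("bare LF inside header block")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[2] not in (b"HTTP/1.0", b"HTTP/1.1"):
        raise FramingError("malformed request line")
    headers = {}  # lower-cased name -> list of values, in order of appearance
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # A name such as b"Transfer-Encoding " fails the token check, so a
        # space before the colon is rejected rather than silently tolerated.
        if not colon or not _TOKEN.match(name):
            raise FramingError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip(b" \t"))
    te, cl = headers.get(b"transfer-encoding"), headers.get(b"content-length")
    req = {"method": parts[0], "target": parts[1], "headers": headers,
           "framing": "none", "body": b""}
    if te and cl:
        raise FramingError("Transfer-Encoding and Content-Length both present")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(b",")]
        if codings != [b"chunked"]:  # strict: no other codings, no obfuscation
            raise FramingError(f"unsupported Transfer-Encoding {codings!r}")
        req.update(framing="chunked", body=body)  # chunk decoding comes next
    elif cl:
        if len(set(cl)) != 1 or not re.fullmatch(rb"[0-9]+", cl[0]):
            raise FramingError("conflicting or non-numeric Content-Length")
        n = int(cl[0])
        if len(body) < n:
            raise FramingError("body shorter than Content-Length")
        req.update(framing="content-length", body=body[:n])  # rest is next request
    return req
```

Anything the check rejects should be answered with a 400 and the connection closed, never forwarded; that is what keeps a front-end and a back-end from ending up with different views of the byte stream.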
CVE References
- CVE-2005-2088: Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.
- CVE-2005-2089: Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.
- CVE-2005-2090: Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.
- CVE-2005-2091: Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.
- CVE-2005-2092: Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.
- CVE-2005-2093: Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.
- CVE-2005-2094: Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.