BugTraq
Microsoft Edge Fetch API allows setting of arbitrary request headers Mar 14 2017 09:03PM
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Edge Fetch API allows setting of arbitrary request headers
------------------------------------------------------------------------

Yorick Koster, January 2017

------------------------------------------------------------------------

Abstract
------------------------------------------------------------------------

It was found that the Fetch API in Microsoft Edge allows websites to set
arbitrary HTTP request headers, including the Content-Length and Host
headers, which the Fetch Standard classifies as forbidden header names that
a browser must silently discard. Among other things, a malicious website
can use this issue to bypass the same-origin policy, read HTTP response
headers, or initiate arbitrary HTTP requests from the victim's browser
(HTTP request smuggling).
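The following is an added example, not code from the advisory or from Microsoft: a reference implementation of the Fetch Standard's "forbidden header name" rule, which a conforming browser applies when a script constructs a Request or calls fetch(). The header list and the `Proxy-`/`Sec-` prefix rule are taken from the Fetch Standard as the author of this example recalls it; treat the exact membership as an assumption and compare against the current specification. The sample headers are constructed for the demonstration. The `runtimeDropsForbiddenHeaders` probe is meant for a browser console and is deliberately built on the Request constructor rather than a standalone Headers object, because a bare `new Headers()` has no guard and keeps every name it is given.

```javascript
// Added example (not part of the Securify advisory): forbidden request
// header names per the Fetch Standard (assumed list, lower-cased for lookup).
// Names starting with "proxy-" or "sec-" are forbidden as well.
const FORBIDDEN_HEADER_NAMES = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);

// True when a conforming browser must refuse to let page script set `name`.
function isForbiddenRequestHeader(name) {
  const n = String(name).toLowerCase();
  return FORBIDDEN_HEADER_NAMES.has(n) ||
    n.startsWith("proxy-") ||
    n.startsWith("sec-");
}

// Applies the rule to a list of [name, value] pairs and returns the headers a
// conforming browser would actually send (`kept`) and the names it silently
// discarded (`dropped`). The Edge bug described above amounts to `dropped`
// being empty for every input.
function filterRequestHeaders(headerPairs) {
  const kept = [];
  const dropped = [];
  for (const [name, value] of headerPairs) {
    if (isForbiddenRequestHeader(name)) {
      dropped.push(name);
    } else {
      kept.push([name, value]);
    }
  }
  return { kept, dropped };
}

// Constructed sample: headers a page might try to attach to a fetch() call.
const SAMPLE_HEADERS = [
  ["Content-Type", "application/json"],
  ["Content-Length", "0"],
  ["Host", "internal.example"],
  ["X-Requested-With", "fetch"],
];

// Conformance probe for a live browser: returns true when the runtime's own
// Request constructor (header guard "request") drops every forbidden name,
// false when any survives, and null where the Fetch API is not available.
// Non-browser runtimes are not expected to enforce the rule, so the result is
// only meaningful in a browser.
function runtimeDropsForbiddenHeaders(headerPairs) {
  if (typeof Request === "undefined") return null;
  const req = new Request("https://example.invalid/", { headers: headerPairs });
  return headerPairs.every(
    ([name]) => !isForbiddenRequestHeader(name) || !req.headers.has(name)
  );
}

// Stand-alone run: show what a conforming browser keeps and drops.
const result = filterRequestHeaders(SAMPLE_HEADERS);
console.log("sent:", result.kept);
console.log("discarded:", result.dropped);
```

Run in a browser console, `runtimeDropsForbiddenHeaders(SAMPLE_HEADERS)` returning `false` would indicate the non-conforming behaviour the advisory describes; a patched browser returns `true`.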

------------------------------------------------------------------------

See also
------------------------------------------------------------------------

- CVE-2017-0140
- MS17-007: Cumulative Security Update for Microsoft Edge (4013071)

------------------------------------------------------------------------

Tested versions
------------------------------------------------------------------------

This issue was successfully tested on Microsoft Edge version
38.14393.0.0 (EdgeHTML 14.14393).

------------------------------------------------------------------------

Fix
------------------------------------------------------------------------

Microsoft released MS17-007 that fixes this vulnerability.

------------------------------------------------------------------------

Details
------------------------------------------------------------------------

https://www.securify.nl/advisory/SFY20170101/microsoft_edge_fetch_api_allows_setting_of_arbitrary_request_headers.html
