BugTraq
A new whitepaper by Watchfire - HTTP Request Smuggling Jun 06 2005 04:09PM
Ory Segal (orysegal netvision net il)
Ory Segal wrote:

> Hello,
> Today, Watchfire released a new whitepaper, titled "HTTP Request
> Smuggling". The full paper can be found in the following link:
> http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

> The paper's abstract is copied below:
>
> "We describe a new web entity attack technique – “HTTP Request
> Smuggling”. The attack technique and the derived attacks are relevant
> to most web environments and are the result of an HTTP server or
> device's failure to properly handle malformed inbound HTTP requests.
> HTTP Request Smuggling works by taking advantage of the discrepancies
> in parsing when one or more HTTP devices/entities (e.g. Cache Server,
> Proxy Server, Web Application Firewall, etc.) are in the data flow
> between the user and the web server. HTTP Request Smuggling enables
> various attacks – web cache poisoning, session hijacking, cross-site
> scripting and, most seriously, the ability to bypass web application
> firewall protection. HTTP Request Smuggling sends multiple
> specially-crafted HTTP requests that cause the two attacked entities
> to see two different sets of requests, allowing the hacker to smuggle
> a request to one device without the other device being aware of it. In
> the Web Cache poisoning attack, this smuggled request will trick the
> cache server into unintendedly associating a URL to another URL's page
> (content), and caching this content for the URL. In the Web
> Application Firewall attack the smuggled request could be a worm (like
> Nimda or Code Red) or buffer overflow attack targeting the web server.
> Finally, because HTTP Request Smuggling enables the attacker to insert
> or sneak a request into the flow it allows the attacker to manipulate
> the web server's request/response sequencing which can allow for
> credential hijacking and other malicious outcomes."
> Thank you,
> Ory Segal
> Director of Security Research
> Watchfire (Israel) LTD.
> Tel: +972-9-9586077, Ext.236
> Mobile: +972-54-7739359
> e-mail: osegal at watchfire.com
>
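An added example, not from the post or the Watchfire paper: a strict request-framing check of the kind an intermediary or origin server can apply so that it refuses any request whose body length two parsers might compute differently, which is the discrepancy the abstract describes. The sample requests are constructed for this illustration; the rejection rules (no duplicate Content-Length, no Content-Length together with Transfer-Encoding, no whitespace before the header colon) follow those later written into RFC 7230.

```python
import re

# Constructed sample requests (not taken from the paper), CRLF-framed
# as they would appear on the wire.
CLEAN = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Length: 5\r\n\r\nhello")
DUP_CL = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Length: 0\r\nContent-Length: 5\r\n\r\nhello")
CL_TE = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
SPACED = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Length : 5\r\n\r\nhello")

# RFC 7230 "token" characters allowed in a header field name.
_TOKEN = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+")


def split_headers(raw):
    """Return (request_line, [(lowercased name, value)], body) or raise ValueError."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated by CRLFCRLF")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            raise ValueError("obsolete line folding")   # parsers disagree on folding
        name, colon, value = line.partition(b":")
        # A name that is not a bare token (e.g. "Content-Length ") must be rejected:
        # one device may ignore the header while the next honours it.
        if not colon or not _TOKEN.fullmatch(name):
            raise ValueError("malformed header field name: %r" % name)
        headers.append((name.lower(), value.strip(b" \t")))
    return lines[0], headers, body


def framing_error(raw):
    """Return None if the body framing is unambiguous, else the reason to reject."""
    try:
        _, headers, _ = split_headers(raw)
    except ValueError as exc:
        return str(exc)
    cl = [v for n, v in headers if n == b"content-length"]
    te = [v for n, v in headers if n == b"transfer-encoding"]
    if cl and te:
        return "both Content-Length and Transfer-Encoding present"
    if len(cl) > 1:
        return "multiple Content-Length headers"
    if cl and not re.fullmatch(rb"[0-9]+", cl[0]):
        return "non-numeric Content-Length"
    if te and b",".join(te).replace(b" ", b"").lower() != b"chunked":
        return "Transfer-Encoding other than a single chunked coding"
    return None
```

A proxy that applies this check and answers 400 to any rejected request never forwards a message that the origin could frame differently, and the rejected reason is the log field worth alerting on.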

Copyright 2010, SecurityFocus