Date: Mon, 06 Jun 2005 19:09:04 +0300
From: Ory Segal <orysegal@...vision.net.il>
To: BUGTRAQ@...URITYFOCUS.COM
Subject: A new whitepaper by Watchfire - HTTP Request Smuggling


Ory Segal wrote:

> Hello,
> Today, Watchfire released a new whitepaper, titled "HTTP Request 
> Smuggling". The full paper can be found in the following link: 
> http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
> The paper's abstract is copied below:
>
> "We describe a new web entity attack technique – “HTTP Request 
> Smuggling”. The attack technique and the derived attacks are relevant 
> to most web environments and are the result of an HTTP server or 
> device’s failure to properly handle malformed inbound HTTP requests. 
> HTTP Request Smuggling works by taking advantage of the discrepancies 
> in parsing when one or more HTTP devices/entities (e.g. Cache Server, 
> Proxy Server, Web Application Firewall, etc.) are in the data flow 
> between the user and the web server. HTTP Request Smuggling enables 
> various attacks – web cache poisoning, session hijacking, cross-site 
> scripting and, most seriously, the ability to bypass web application 
> firewall protection. HTTP Request Smuggling sends multiple 
> specially-crafted HTTP requests that cause the two attacked entities 
> to see two different sets of requests, allowing the hacker to smuggle 
> a request to one device without the other device being aware of it. In 
> the Web Cache poisoning attack, this smuggled request will trick the 
> cache server into unintendedly associating a URL to another URL’s page 
> (content), and caching this content for the URL. In the Web 
> Application Firewall attack the smuggled request could be a worm (like 
> Nimda or Code Red) or buffer overflow attack targeting the web server. 
> Finally, because HTTP Request Smuggling enables the attacker to insert 
> or sneak a request into the flow it allows the attacker to manipulate 
> the web server’s request/response sequencing which can allow for 
> credential hijacking and other malicious outcomes."
> Thank you,
> Ory Segal
> Director of Security Research
> Watchfire (Israel) LTD.
> Tel: +972-9-9586077, Ext.236
> Mobile: +972-54-7739359
> e-mail: osegal at watchfire.com
>



