
110 HTTP request smuggling


Description

The system uses one or more entities, such as a proxy or a firewall, to process requests between the client and the server. These entities do not process HTTP requests consistently, so a malformed request can get one of the entities to process a request that the other ones never notice. The inconsistency arises because the web server software each entity uses delimits requests differently, so they disagree on where one request ends and the next one begins.


Impact

Allows an attacker to send an ambiguous HTTP request that the front-end and back-end systems interpret differently.


Recommendation

Use the same web server software on the front-end and back-end servers, so that both delimit requests in the same way.
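As an added example (not part of this entry), the following Python check shows the delimiting problem from the Description and a front-end control that complements the Recommendation: it rejects any request whose body length is ambiguous under RFC 7230 section 3.3.3, so the proxy never forwards a request the back end might frame differently. The function name and verdict strings are assumptions.

```python
import re

# RFC 7230 section 3.3.3: a request must have exactly one unambiguous body
# length. Both Transfer-Encoding and Content-Length, or two differing
# Content-Length values, must be rejected before the request is forwarded.
def check_framing(raw: bytes) -> str:
    """Return 'ok' or the reason the request framing is ambiguous/invalid."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "invalid: incomplete header block"
    lines = head.split(b"\r\n")
    cl_values, te_values = [], []
    for line in lines[1:]:
        if not line or line[:1] in (b" ", b"\t"):
            # obsolete line folding is parsed differently by different servers
            return "invalid: empty or folded header line"
        name, colon, value = line.partition(b":")
        if not colon or name != name.strip():
            # whitespace around the header name is another point of disagreement
            return "invalid: malformed header name"
        name = name.lower()
        if name == b"content-length":
            cl_values.append(value.strip())
        elif name == b"transfer-encoding":
            te_values.extend(v.strip().lower() for v in value.split(b","))
    if cl_values and te_values:
        return "ambiguous: both Content-Length and Transfer-Encoding"
    if len(set(cl_values)) > 1:
        return "ambiguous: conflicting Content-Length values"
    for v in cl_values:
        if not re.fullmatch(rb"[0-9]+", v):
            return "invalid: non-numeric Content-Length"
    if te_values and te_values[-1] != b"chunked":
        # anything other than a final 'chunked' leaves the body length undefined
        return "ambiguous: Transfer-Encoding without final chunked"
    return "ok"
```

A front end that drops every non-"ok" verdict with a 400 response removes the parser disagreement before the back end ever sees the request; the constructed inputs in the assumptions are the cases the check is meant to catch.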


Threat

Unauthorized attacker from the Internet.


Expected Remediation Time

45 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: N
  • Attack complexity: L
  • Attack Requirements: N
  • Privileges required: N
  • User interaction: N
  • Confidentiality (VC): L
  • Integrity (VI): L
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: X

Requirements


Fixes


Last updated

2024/02/13