lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 6 Jun 2005 16:17:55 +0300
From: "Ory Segal" <osegal@...chfire.com>
To: <BUGTRAQ@...URITYFOCUS.COM>,
	<webappsec@...urityfocus.com>,
	<websecurity@...appsec.org>,
	<wasc-technical@...appsec.org>
Subject: [WEB SECURITY] A new whitepaper by Watchfire - HTTP Request Smuggling

Hello,
 
Today, Watchfire released a new whitepaper, titled "HTTP Request
Smuggling". The full paper can be found in the following link:
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
<BLOCKED::http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf>

 
The paper's abstract is copied below: 

"We describe a new web entity attack technique - "HTTP Request
Smuggling". The attack technique and the derived attacks are relevant to
most web environments and is the result of a HTTP server or device's
failure to properly handle malformed inbound HTTP requests. HTTP Request
Smuggling works by taking advantage of the discrepancies in parsing when
one or more HTTP devices/entities (e.g. Cache Server, Proxy Server, Web
Application Firewall, etc.) are in the data flow between the user and
the web server. HTTP Request Smuggling enables various attacks - web
cache poisoning, session hijacking, cross-site scripting and most
serious the ability to bypass web application firewall protection. HTTP
Request Smuggling sends multiple specially-crafted HTTP requests that
cause the two attacked entities to see two different sets of requests,
allowing the hacker to smuggle a request to one device without the other
device being aware of it. In the Web Cache poisoning attack, this
smuggled request will trick the cache server into unintendedly
associating a URL to another URL's page (content), and caching this
content for the URL. In the Web Application Firewall attack the smuggled
request could be a worm (like Nimda or Code Red) or buffer overflow
attack targeting the web server. Finally, because HTTP Request Smuggling
enables the attacker to insert or sneak a request into the flow it
allows the attacker to manipulate the web server's request/response
sequencing which can allow for credential hijacking and other malicious
outcomes."

 
Thank you,
 
 
Ory Segal
Director of Security Research
Watchfire (Israel) LTD.
Tel: +972-9-9586077, Ext.236
Mobile: +972-54-7739359
e-mail: osegal <BLOCKED::mailto:osegal@...chfire.com>  at watchfire.com

 
 
 
 

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ