HTTP Response Smuggling
Attack Pattern ID: 273 (Detailed Attack Pattern Completeness: Stub) | Typical Severity: Medium | Status: Draft
Summary
An attacker injects content into a server response that is interpreted differently by intermediaries (proxies, caches, web application firewalls) than it is by the target browser. To do this, the attacker takes advantage of inconsistent or incorrect interpretations of the HTTP protocol by the various applications on the path. For example, the attacker might use different line-terminating characters (a bare CR or LF instead of CRLF), add duplicate header fields that some parsers interpret as belonging to a separate response, or use other techniques; one parser then sees a single response while another sees two, and the second, attacker-controlled one is delivered or cached as if the server had sent it. Consequences of this attack can include response splitting, cross-site scripting, apparent defacement of targeted sites, cache poisoning, or similar actions.
Attack Prerequisites
The targeted server must allow the attacker to insert content that will appear in the server's response.
Solutions and Mitigations
Design: Employ strict adherence to the HTTP specification wherever possible: terminate lines only with CRLF, emit one framing mechanism per response, and reject duplicate framing headers, so that every component on the path parses the response the same way.
Implementation: Encode or reject CR and LF (and any other line-terminating characters) in header values derived from user input, so that user-supplied content cannot end a header line or a header block as seen by an intermediary.
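The following is an added example, not code from CAPEC or from any product, illustrating both the attack described in the summary and the implementation mitigation above. It assumes a hypothetical redirect endpoint that copies a user-supplied target into the Location header, and models two intermediaries: one that parses lines strictly (CRLF only) and one that also accepts a bare LF or CR as a line terminator. The attacker input, the builder functions and the toy parser are all constructed for this example.

```python
import re

# Line terminators as seen by two different HTTP parsers (hypothetical intermediaries).
LENIENT_EOL = re.compile(rb"\r\n|\n|\r")   # accepts a bare LF or bare CR as end of line
STRICT_EOL = re.compile(rb"\r\n")          # CRLF only, as the HTTP specification requires


def build_redirect_vulnerable(target: str) -> bytes:
    """Builds a redirect with the user-supplied target copied straight into
    the Location header. Nothing stops the value from containing CR or LF."""
    return (b"HTTP/1.1 302 Found\r\n"
            b"Location: " + target.encode("latin-1") + b"\r\n"
            b"Content-Length: 0\r\n"
            b"\r\n")


class HeaderInjection(ValueError):
    """Raised when user input would terminate a header line."""


def build_redirect_hardened(target: str) -> bytes:
    """Same response, but user content is refused if it could end a line,
    so no intermediary can read it as a second header or a second response."""
    if re.search(r"[\r\n]", target):
        raise HeaderInjection("CR/LF not allowed in header values")
    return build_redirect_vulnerable(target)


def rejects(target: str) -> bool:
    """True if the hardened builder refuses `target`."""
    try:
        build_redirect_hardened(target)
    except HeaderInjection:
        return True
    return False


def split_responses(raw: bytes, eol: re.Pattern) -> list:
    """Parse `raw` into HTTP responses the way a parser that treats `eol`
    as the line terminator would: a status line, header lines up to a
    blank line, then a body of Content-Length bytes; repeat until the
    stream is exhausted. Returns one dict per response found."""
    responses = []
    pos = 0
    while pos < len(raw):
        status = None
        headers = {}
        while True:
            m = eol.search(raw, pos)
            if m is None:
                return responses          # truncated message: stop here
            line = raw[pos:m.start()]
            pos = m.end()
            if status is None:
                if line:                  # skip blank lines before the status line
                    status = line
                continue
            if not line:
                break                     # end of header block
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get(b"content-length", b"0") or b"0")
        responses.append({"status": status, "headers": headers,
                          "body": raw[pos:pos + length]})
        pos += length
    return responses


# Constructed attacker input: a bare LF ends the Location line early, and the
# rest is a complete second response. 48 = 25 bytes of payload plus the 23 bytes
# of fixed trailer the vulnerable builder appends, so the injected Content-Length
# swallows everything the server adds afterwards.
PAYLOAD = "<script>alert(1)</script>"
ATTACKER_TARGET = ("http://example.test/\n"
                   "Content-Length: 0\n"
                   "\n"
                   "HTTP/1.1 200 OK\n"
                   "Content-Type: text/html\n"
                   "Content-Length: 48\n"
                   "\n" + PAYLOAD)


def demo() -> dict:
    """Feed the vulnerable response to both parsers and return what each saw."""
    raw = build_redirect_vulnerable(ATTACKER_TARGET)
    return {"strict": split_responses(raw, STRICT_EOL),
            "lenient": split_responses(raw, LENIENT_EOL)}


if __name__ == "__main__":
    result = demo()
    print("strict parser saw", len(result["strict"]), "response(s)")
    print("lenient parser saw", len(result["lenient"]), "response(s); second status:",
          result["lenient"][1]["status"])
    print("hardened builder rejects the payload:", rejects(ATTACKER_TARGET))
```

The strict parser sees one 302 response whose Location value merely contains odd characters; the lenient parser sees two responses, the second carrying the attacker's script, which is what a cache or proxy with that parsing behaviour would store or forward. The hardened builder refuses the same input outright; encoding CR/LF instead of rejecting them is equivalent for this purpose, as long as it happens before any intermediary can see the bytes.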
Nature | Type | ID | Name | Description | View(s) this relationship pertains to
---|---|---|---|---|---
PeerOf | Attack Pattern | 33 | HTTP Request Smuggling | | Mechanism of Attack (1000)
ChildOf | Attack Pattern | 220 | Client-Server Protocol Manipulation | | Mechanism of Attack (1000), primary
ChildOf | Category | 360 | WASC Threat Classification 2.0 - WASC-27 - HTTP Response Smuggling | | WASC Threat Classification 2.0 (333)
28 June 2016