Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
2020-08-05 11:57

New research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers.

Amit Klein, VP of Security Research at SafeBreach, who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP request smuggling 15 years after such attacks were first documented.

What is HTTP Request Smuggling?

HTTP request smuggling is a technique employed to interfere with the way a website processes sequences of HTTP requests that are received from one or more users.

Vulnerabilities related to HTTP request smuggling typically arise when the front-end and the back-end servers interpret the boundary of an HTTP request differently, thereby allowing a bad actor to send an ambiguous request that gets prepended to the next legitimate user request.

Calling for normalization of outbound HTTP Requests from proxy servers, Klein stressed the need for an open source, robust web application firewall solution that's capable of handling HTTP Request Smuggling attacks.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Z-if5biZNZk/http-request-smuggling.html