
URL Parsing Bugs Allow DoS, RCE, Spoofing & More
2022-01-10 17:55

Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service conditions, information leaks and remote code execution in various web applications, researchers are warning.

Multiple Parsers in Use: Whether by design or an oversight, developers sometimes use more than one URL parsing library in projects.

In the case of the former, accepting malformed URLs with an incorrect number of slashes can lead to SSRF, researchers explained: "[...] ignore extra slashes will parse this [malformed] URL as a URL with an empty authority, thus passing the security check comparing the netloc to google.com."

URL confusion is also responsible for the Log4Shell patch bypass, according to Claroty, because two different URL parsers were used inside the JNDI lookup process: One parser was used for validating the URL, and another for fetching it.
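The validate-then-fetch mismatch described in the two paragraphs above, as an added Python example that is not from the article or the researchers' report: `weak_check` is the netloc denylist comparison from the quote, and `strict_check` is one hypothetical hardened alternative that rejects ambiguous input and returns a re-serialised URL for the fetcher. The function names, the denylist contents and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

BLOCKED_HOSTS = {"google.com"}  # constructed denylist using the host named in the quote

def weak_check(url):
    """Denylist test on netloc alone; True means 'allowed to fetch'."""
    return urlsplit(url).netloc not in BLOCKED_HOSTS

def strict_check(url):
    """Return the canonical URL to hand to the fetcher, or raise ValueError."""
    if any(ch in url for ch in "\\ \t\r\n"):
        raise ValueError("backslash or whitespace in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    # hostname is lower-cased by urllib and is None when the authority is empty
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError("empty authority")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")
    if host in BLOCKED_HOSTS:
        raise ValueError("blocked host")
    port = parts.port  # raises ValueError itself on a malformed port
    netloc = f"[{host}]" if ":" in host else host
    if port is not None:
        netloc += f":{port}"
    # Re-serialise from the validated parts so the fetcher sees one unambiguous form.
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))

def audit(urls):
    """Run both checks on each URL; the last field is the canonical URL or the rejection reason."""
    rows = []
    for url in urls:
        try:
            verdict = strict_check(url)
        except ValueError as exc:
            verdict = f"rejected: {exc}"
        rows.append((url, weak_check(url), verdict))
    return rows

# Constructed sample inputs: a well-formed URL and the extra-slash form from the quote.
SAMPLES = ["https://example.org/index.html", "http:///google.com/"]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

The fetcher should be given only the string returned by `strict_check`, never the original input, so that validation and retrieval operate on the same interpretation of the URL.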

"By looking into the URL parsing functionality of Belledonne, we've found [a] piece of code parsing the SIP URL inside the to/from SIP headers," researchers explained.

"Belledonne parses the SIP URL as a generic URL and checks if the scheme is either SIP or SIPs using strcasecmp, checking if the given URL is a SIP URL."


News URL

https://threatpost.com/url-parsing-bugs-dos-rce-spoofing/177493/