HTTP Smuggling Detection

medium Nessus Plugin ID 140735

Synopsis

The remote web server is a potential candidate for HTTP Smuggling.

Description

According to the result of a remote check, the target web server lacks some of the common mitigations that prevent HTTP Smuggling attacks. If HTTP Smuggling is possible, a remote, unauthenticated attacker could exploit this to gain access to backend resources that they would otherwise not have access to.

Solution

Refer to your vendor documentation to address this issue.

See Also

http://www.nessus.org/u?d6c4384f

Plugin Details

Severity: Medium

ID: 140735

File Name: http_smuggling_detect.nbin

Version: 1.38

Type: remote

Family: Web Servers

Published: 9/22/2020

Updated: 7/17/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Based on analysis of vulnerability

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport