HTTP Request Smuggling

high Web App Scanning Plugin ID 114223

Synopsis

HTTP Request Smuggling

Description

Modern web applications are often deployed behind a chain of HTTP servers that relay traffic from users to the service. Typical deployments use a front-end server, usually a load balancer or reverse proxy, which forwards each request to one or more back-end servers.

HTTP request smuggling occurs when the front-end server and the back-end server disagree about where one HTTP request ends and the next begins, typically because they handle the `Content-Length` and `Transfer-Encoding` headers differently (for example, one honours `Content-Length` while the other honours `Transfer-Encoding: chunked` when both are present). A remote, unauthenticated attacker can exploit this class of vulnerability to bypass front-end access controls, gain access to sensitive data, or compromise other users' traffic, without any user interaction.

Solution

If possible, use HTTP/2 end to end and ensure that HTTP/2-to-HTTP/1.1 downgrading is disabled. Otherwise, ensure that HTTP requests are parsed consistently along the whole HTTP transmission chain (for example, by rejecting requests that carry both `Content-Length` and `Transfer-Encoding`, as RFC 9112 permits), and that all intermediate software is up to date.
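The following is an added example, not code from the Tenable plugin or from the page's references, that makes the discrepancy described above concrete and also shows the kind of strict framing check the solution calls for. It feeds one constructed byte stream (an attacker's CL.TE request followed by another user's innocent request; the host name, paths and "SMUGGLED" prefix are illustrative) to two minimal HTTP/1.1 parsers that differ only in which framing header wins, and shows that the back-end glues the smuggled prefix onto the next user's request. The `ambiguity()` policy is one deliberately strict gateway rule, an assumption of this example rather than any product's behaviour.

```python
"""Simulated CL.TE desync: one byte stream, two parsers that disagree on framing.

Added example; not Tenable plugin code. All request bytes are constructed.
"""

CRLF = b"\r\n"


def parse_head(data):
    """Return (start_line, [(name, value)], body_offset), or None if the
    header block is incomplete (no blank line yet)."""
    end = data.find(CRLF + CRLF)
    if end == -1:
        return None
    lines = data[:end].split(CRLF)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, end + 4


def header_values(headers, name):
    return [v for n, v in headers if n == name]


def read_chunked(data):
    """Decode a chunked body; return (body, bytes_consumed).
    Raises ValueError/IndexError on malformed input (no recovery attempted)."""
    body, pos = b"", 0
    while True:
        eol = data.index(CRLF, pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:
            while data[pos:pos + 2] != CRLF:  # skip any trailer fields
                pos = data.index(CRLF, pos) + 2
            return body, pos + 2
        body += data[pos:pos + size]
        pos += size + 2  # step over the CRLF that ends the chunk data


def read_body(data, headers, prefer):
    """Frame the body as a parser with the given precedence would.
    prefer="te": Transfer-Encoding wins when present (RFC 9112 behaviour).
    prefer="cl": Content-Length wins (a lenient front-end)."""
    te = header_values(headers, b"transfer-encoding")
    cl = header_values(headers, b"content-length")
    chunked = any(v.lower() == b"chunked" for v in te)
    if chunked and (prefer == "te" or not cl):
        return read_chunked(data)
    if cl:
        n = int(cl[0])
        return data[:n], n
    return b"", 0


def split_requests(stream, prefer):
    """Carve a stream into (start_line, body) requests.
    Returns (requests, leftover): leftover is an unparsed tail this parser
    would treat as the *beginning of the next request*."""
    requests, pos = [], 0
    while pos < len(stream):
        head = parse_head(stream[pos:])
        if head is None:
            return requests, stream[pos:]
        start_line, headers, body_off = head
        body, used = read_body(stream[pos + body_off:], headers, prefer)
        requests.append((start_line, body))
        pos += body_off + used
    return requests, b""


def ambiguity(headers):
    """Strict gateway policy (assumed here): a reason to reject with 400,
    or None when the request framing is unambiguous."""
    te = header_values(headers, b"transfer-encoding")
    cl = header_values(headers, b"content-length")
    if te and cl:
        return "both Transfer-Encoding and Content-Length present"
    if len(set(cl)) > 1:
        return "conflicting Content-Length values"
    if te and [v.lower() for v in te] != [b"chunked"]:
        return "Transfer-Encoding is not exactly 'chunked'"
    return None


# Constructed CL.TE payload: Content-Length covers "0\r\n\r\nSMUGGLED" (13 bytes),
# but a chunked parser stops after the zero-size chunk and leaves "SMUGGLED".
ATTACK = (
    b"POST / HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 13\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"SMUGGLED"
)
# Constructed request from an unrelated user, sent over the same back-end connection.
VICTIM = b"GET /home HTTP/1.1\r\nHost: example.test\r\n\r\n"


def demo():
    """Return the start lines each side sees for the combined stream."""
    front, _ = split_requests(ATTACK + VICTIM, prefer="cl")
    back, _ = split_requests(ATTACK + VICTIM, prefer="te")
    return [r[0] for r in front], [r[0] for r in back]


if __name__ == "__main__":
    front, back = demo()
    print("front-end (CL wins):", front)
    print("back-end  (TE wins):", back)
    print("strict gateway says:", ambiguity(parse_head(ATTACK)[1]))
```

Running it shows the front-end seeing two well-formed requests (`POST /` and `GET /home`) while the back-end sees `POST /` with an empty body followed by a request whose start line is `SMUGGLEDGET /home HTTP/1.1`: the attacker's leftover bytes have been prepended to the victim's request. Applying `ambiguity()` at the front-end rejects the attacker's request before it is forwarded, which is the consistency the solution asks for; a real deployment should apply the same rule on every hop, since a single lenient parser in the chain reintroduces the desync.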

See Also

https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn

https://portswigger.net/web-security/request-smuggling

Plugin Details

Severity: High

ID: 114223

Type: remote

Published: 3/6/2024

Updated: 12/3/2024

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS Score Source: Tenable

CVSS v4

Risk Factor: High

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:L/SA:L

CVSS Score Source: Tenable

Reference Information