This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Periodic Table of Vulnerabilities - HTTP Request/Response Smuggling"
(added some more references, discussion) |
James Landis (talk | contribs) |
||
| Line 2: | Line 2: | ||
=== Root Cause Summary === | === Root Cause Summary === | ||
| − | + | Malformed HTTP requests and responses are interpreted differently by proxies, web servers, or other systems which process HTTP along the request/response path. This can allow a request or response to bypass proxy filters or rules, poison caches, or cause the response from one request to be incorrectly matched with another. | |
| − | |||
=== Browser / Standards Solution === | === Browser / Standards Solution === | ||
| − | Tighten RFC standards to describe precise behavior for malformed request/response data | + | Tighten RFC standards to describe precise behavior for malformed request/response data, including rules for handling duplicate headers. |
| − | |||
=== Perimeter Solution === | === Perimeter Solution === | ||
| − | * Sanitize HTTP headers | + | * Sanitize all HTTP headers, especially duplicates, by enforcing strict adherence to RFC |
| − | * Sanitize HTTP responses | + | ** Sanitize both HTTP requests and responses |
* Avoid HTTP connection sharing | * Avoid HTTP connection sharing | ||
| − | * | + | * Enforce SSL to prevent proxy tampering |
=== Generic Framework Solution === | === Generic Framework Solution === | ||
| − | + | None | |
| − | |||
| − | |||
=== Custom Framework Solution === | === Custom Framework Solution === | ||
| Line 33: | Line 29: | ||
=== Discussion / Controversy === | === Discussion / Controversy === | ||
| − | [ | + | Framework-level solutions for addressing correct CRLF behavior and preventing header manipulation are covered under [[OWASP Periodic Table of Vulnerabilities - HTTP Response Splitting]] |
=== References === | === References === | ||
| − | [http://www.owasp.org/images/1/1a/OWASPAppSecEU2006_HTTPMessageSplittingSmugglingEtc.ppt HTTP Message Splitting, Smuggling and Other Animals (Amit Klein, OWASP)] | + | [http://www.securiteam.com/securityreviews/5GP0220G0U.html HTTP Request Smuggling]<BR> |
| − | [http://www.ietf.org/rfc/rfc2047.txt Message Header Extensions (RFC)] | + | [http://www.owasp.org/images/1/1a/OWASPAppSecEU2006_HTTPMessageSplittingSmugglingEtc.ppt HTTP Message Splitting, Smuggling and Other Animals (Amit Klein, OWASP)]<BR> |
| + | [http://www.ietf.org/rfc/rfc2047.txt Message Header Extensions (RFC)]<BR> | ||
| + | [http://projects.webappsec.org/w/page/13246930/HTTP%20Response%20Smuggling Response Smuggling (WASC)]<BR> | ||
Revision as of 21:06, 20 July 2013
HTTP Request/Response Smuggling
Root Cause Summary
Malformed HTTP requests and responses are interpreted differently by proxies, web servers, or other systems which process HTTP along the request/response path. This can allow a request or response to bypass proxy filters or rules, poison caches, or cause the response from one request to be incorrectly matched with another.
Browser / Standards Solution
Tighten RFC standards to describe precise behavior for malformed request/response data, including rules for handling duplicate headers.
Perimeter Solution
- Sanitize all HTTP headers, especially duplicates, by enforcing strict adherence to RFC
- Sanitize both HTTP requests and responses
- Avoid HTTP connection sharing
- Enforce SSL to prevent proxy tampering
Generic Framework Solution
None
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
Framework-level solutions for addressing correct CRLF behavior and preventing header manipulation are covered under OWASP Periodic Table of Vulnerabilities - HTTP Response Splitting
References
HTTP Request Smuggling
HTTP Message Splitting, Smuggling and Other Animals (Amit Klein, OWASP)
Message Header Extensions (RFC)
Response Smuggling (WASC)
