4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.972 High
EPSS
Percentile
99.8%
Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes.
A flaw in handling HTTP requests that contain the “HTTP Request Smuggling” class of attacksHTTP Request Smuggling attacks involve injecting HTTP request(s) within other HTTP requests. Devices that handle HTTP data, such as web caches and proxy servers, may contribute to a class of attacks known as “HTTP Request Smuggling” attacks. HTTP Request Smuggling attacks occur when specially-crafted HTTP requests are inconsistently processed by multiple interconnected devices. In this manner the secondary request(s) may be “smuggled” through other devices without detection.
As a simple example, including multiple Content-Length
headers into a single request may result in interconnected devices handling the request in a different manner. Given two Content-Length
headers, partial request data may be processed on one device where another subsequent device (using the longer Content-Length
header) may read more request data. This in turn changes the nature of the request and may result in cache poisoning or request hijacking.
HTTP Request Smuggling is outlined in depth in the Watchfire “HTTP Request Smuggling” whitepaper.
Multiple scenarios are possible depending on the devices in use and the strategies that are utilized by the attacker. These attacks may involve cache poisoning, request hijacking, protection bypass, and cross-site scripting.
Apply an update
Contact your vendor for information on updates, patches, and workarounds.
625878
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: June 14, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Security Bulletin MS05-034 contains details on ISA Server 2000 updates, patches, and workarounds for this issue.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23625878 Feedback>).
Updated: June 14, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
More details are available in the Squid Proxy Cache Security Update Advisory SQUID-2005:4.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23625878 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Watchfire for providing information on this flaw.
This document was written by Ken MacInnis based primarily on information provided by Watchfire
CVE IDs: | CVE-2005-2090 |
---|---|
Severity Metric: | 7.50 Date Public: |