12.06.2005 19:20

HTTP Request Smuggling

A paper (PDF format, approx. 20 pages) has been released on possible uses of the differences in how HTTP services (cache servers, firewalls, etc. and web servers) parse HTTP.

The authors show, for example, how to poison a cache using only one special request. The techniques are interesting, but they apply only to specific software combinations. Still, they may be very dangerous if they occur more often than we expect and/or more servers are vulnerable.

