Detections
Analytics
HTTP Request Smuggling
high Web App Scanning Plugin ID 114223
Language:
Synopsis
HTTP Request SmugglingDescription
Modern web applications are often deployed with a chain of HTTP servers which ensure the transmission of the HTTP traffic from users to the service. Typical deployments include the usage of a front-end server, usually a load balancer or a reverse proxy, which will then transmit the requests to one or more back-end servers.HTTP request smuggling occurs when the front-end server and the back-end server show discrepancies in the way they process HTTP requests `content-length` and `transfer-encoding` headers. A remote and unauthenticated attacker can leverage this class of vulnerability to bypass access controls or gain access to sensitive data, or to compromise offer users traffic without interaction.
Solution
If possible, only use HTTP/2 protocol and ensure that HTTP downgrading is disabled. Ensure that the parsing of HTTP requests is consistent on the whole HTTP transmission chain and that all the intermediate software used are up-to-date.See Also
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
Plugin Details
Severity: High
ID: 114223
Type: remote
Family: Web Applications
Published: 3/6/2024
Updated: 3/6/2024
Scan Template: api, basic, full, pci, scan
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: Tenable
CVSS v3
Risk Factor: High
Base Score: 7.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS Score Source: Tenable
Reference Information
CWE: 444
OWASP: 2021-A4
WASC: HTTP Request Smuggling
DISA STIG: APSC-DV-002560
HIPAA: 164.312(a)(1), 164.312(e)
ISO: 27001-A.13.1.3, 27001-A.13.2.1, 27001-A.14.1.2, 27001-A.14.1.3
NIST: sp800_53-AC-4
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-5.1.3
PCI-DSS: 3.2-2.2