HTTP Request Smuggling
Publish date: 21 de julio de 2015
Gravedad: High
Fecha recomendada: 21 de julio de 2015
Descripción
The HTTP Request Smuggling attack explores an incomplete parsing of the submitted data done by an intermediary HTTP system working as a proxy. HTTP Request Smuggling consists of sending a specially formatted HTTP request that will be parsed in a different way by the proxy system and by the final system, so the attacker could smuggle a request to one system without the other being aware of it. This attack makes it possible to exploit other attacks, like Cache Poisoning, Session Hijacking, Cross-site Scripting (XSS) and most importantly, the ability to bypass web application firewall protection.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1005496
Trend Micro Deep Security DPI Rule Name: 1005496 - Identified HTTP Request Smuggling Attack