HTTP Request Smuggling
Severity: HIGH
Advisory Date: JUL 21, 2015
DESCRIPTION
The HTTP Request Smuggling attack explores an incomplete parsing of the submitted data done by an intermediary HTTP system working as a proxy. HTTP Request Smuggling consists of sending a specially formatted HTTP request that will be parsed in a different way by the proxy system and by the final system, so the attacker could smuggle a request to one system without the other being aware of it. This attack makes it possible to exploit other attacks, like Cache Poisoning, Session Hijacking, Cross-site Scripting (XSS) and most importantly, the ability to bypass web application firewall protection.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1005496
Trend Micro Deep Security DPI Rule Name: 1005496 - Identified HTTP Request Smuggling Attack