Welcome · log in · join

HTTP Request Smuggling

New attack technique

by wvcaver

Wednesday Jun 15 2005 10:41 EDT

"Thousands of websites may be at risk from a new form of network attack that involves burying harmful packets of data within seemingly legitimate ones," reports the New Scientist. Dubbed "HTTP Request Smuggling" the new attack technique exploits discrepancies in the way different software tackles HTTP, via the use of carefully crafted packets that can sneak past traditional defenses. (Thanks rock)

tags: security · software

Forums →

HTTP Request Smuggling

view:
topics flat nest

Anon users @sympatico.ca	Anon users Anon 2005-Jun-15 10:34 am Only you need a HTTP filter...Or for HTTPS as well Now everyone might start to think about using infamous Proximotron...
	· 2005-Jun-15 10:34 am: ·

Combat Chuck Too Many Cannibals Premium Member join:2001-11-29 Verona, PA	Combat Chuck Premium Member 2005-Jun-15 10:56 am Re: Only you need a HTTP filter...Or for HTTPS as So Proxomotron is somehow supposed to protect you from someone hacking into a webserver and altering it's content? Care to explain how it does that?
	· 2005-Jun-15 10:56 am: ·

GlenQuagmire Giggidy Giggidy Giggidy Goo Premium Member join:2004-02-16 Grand Rapids, MI	GlenQuagmire Premium Member 2005-Jun-15 11:20 am Fedora Core I am using Fedora Core so I am not worried.
	· 2005-Jun-15 11:20 am: ·

knightmb Everybody Lies join:2003-12-01 Franklin, TN	knightmb Member 2005-Jun-15 11:52 am Linux say what? Oh yeah, this again. Well hate to break it to everyone, but this isn't exactly "new", so unless you are using Microsoft IIS or some ancient version of Apache/Zeus/whatever, this was problem was fixed last century going by the details in the article. Sounds like some more FUD being spread around about the website servers.
	· 2005-Jun-15 11:52 am: ·

jdir join:2001-05-04 Santa Clara, CA	jdir Member 2005-Jun-15 12:16 pm IIS and apache all has problems Add another critical bug to web server!!!
	· 2005-Jun-15 12:16 pm: ·

DHRacer Tech Monkey join:2000-10-10 Lake Arrowhead, CA	DHRacer Member 2005-Jun-15 2:20 pm What stops this? Would a router with Stateful Packet Inspection be able to block this? On second thought I say no, but I'm not sure.
	· 2005-Jun-15 2:20 pm: ·

gukid join:2005-05-17	gukid Member 2005-Jun-15 3:18 pm Why even announce this... I don't get it. Like... a networks security only checks every few packets? Why do they try to scare the public with crap like this that will never actually work? "Burying"... riiiight.
	· 2005-Jun-15 3:18 pm: ·

AVD Respice, Adspice, Prospice Premium Member join:2003-02-06 Onion, NJ kudos:1	AVD Premium Member 2005-Jun-16 8:43 am looks like BS, unless your ISP uses a web proxy or somthing.
	· 2005-Jun-16 8:43 am: ·

your comment..

HTTP Request Smuggling

Only you need a HTTP filter...Or for HTTPS as well

Re: Only you need a HTTP filter...Or for HTTPS as

Fedora Core

Linux say what?

IIS and apache all has problems

What stops this?

Why even announce this...

looks like BS,

How about ..