User:BrandonS23/sandbox
Web security vulnerability / From Wikipedia, the free encyclopedia
First document in 2005 by Linhart et al.[1] , HTTP request smuggling is a security exploit on the HTTP protocol that takes advantage of an inconsistency between the interpretation of Content-Length
and/or Transfer-Encoding
headers between HTTP server implementations in an HTTP proxy server chain.[2][3] The Transfer-Encoding header works by defining a directive on how to interpret the body of the HTTP request, with the common and necessary directive for this attack being the Chunked transfer encoding.[4] When the Transfer-Encoding header is present, the Content-Length header is supposed to be omitted.[4] Working similarly but with a different syntax, the Content-Length header works by specifying the size in bytes of the body as a value in the header itself. [5] Vulnerabilities arise when both of these headers are included in a malicious HTTP request, bypassing security functions meant to prevent malicious HTTP queries to the server by causing either the front-end or back-end server to incorrectly interpret the request. [6] HTTP request smuggling commonly takes the form of CL.TE, TE.CL, or TE.TE, although more complex attacks using HRS do exist. [6]