HTTP request smuggling: Difference between revisions
{{HTTP}} |
Adding short description: "Web security vulnerability" (Shortdesc helper) |
||
Line 1: | Line 1: | ||
{{short description|Web security vulnerability}} |
|||
{{HTTP}} |
{{HTTP}} |
||
'''HTTP request smuggling''' is a [[security exploit]] on the [[HTTP]] protocol that uses inconsistency between the interpretation of <code>Content-length</code> and/or <code>Transfer-encoding</code> headers between HTTP server implementations in an [[HTTP proxy server]] chain.<ref>{{Cite web|url=https://cwe.mitre.org/data/definitions/444.html|title=CWE - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (4.0)|website=cwe.mitre.org|access-date=2020-03-13}}</ref><ref>{{Cite web|url=https://portswigger.net/web-security/request-smuggling|title=What is HTTP request smuggling? Tutorial & Examples {{!}} Web Security Academy|website=portswigger.net|access-date=2020-03-13}}</ref> |
'''HTTP request smuggling''' is a [[security exploit]] on the [[HTTP]] protocol that uses inconsistency between the interpretation of <code>Content-length</code> and/or <code>Transfer-encoding</code> headers between HTTP server implementations in an [[HTTP proxy server]] chain.<ref>{{Cite web|url=https://cwe.mitre.org/data/definitions/444.html|title=CWE - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (4.0)|website=cwe.mitre.org|access-date=2020-03-13}}</ref><ref>{{Cite web|url=https://portswigger.net/web-security/request-smuggling|title=What is HTTP request smuggling? Tutorial & Examples {{!}} Web Security Academy|website=portswigger.net|access-date=2020-03-13}}</ref> |
Revision as of 16:23, 13 March 2020
HTTP request smuggling is a security exploit on the HTTP protocol that uses inconsistencies in how the HTTP server implementations in an HTTP proxy server chain interpret the Content-length and/or Transfer-encoding headers.[1][2]
References
1. "CWE - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (4.0)". cwe.mitre.org. Retrieved 2020-03-13.
2. "What is HTTP request smuggling? Tutorial & Examples | Web Security Academy". portswigger.net. Retrieved 2020-03-13.