Jun 16 2005
Read: HTTP Request smuggling
I finally got a chance to read the HRS paper by Watchfire, and I have to say I’m a lot less concerned about this vulnerability than I was before. I’m not saying this isn’t a real vulnerability; I just think the applicability of this set of vulnerabilities is minimal. You won’t be seeing a worm or virus based on this paper. If it’s seen at all, I expect it will be in a tool used by hackers targeting a specific site or set of systems. You have to know too much about the system you’re attacking for this to become widely used.
If you want to see if you’re vulnerable, just go straight to the back of the paper. On one of the last pages they have a listing of the different proxies and web servers they were able to make this attack work against. I agree with several of the other evaluations I read: if strict protocol filtering were used on the proxies, this wouldn’t be an issue.