Last active
January 20, 2024 11:23
-
-
Save anas-cherni/c95e2fc1fd84d93167eb60193318d0b8 to your computer and use it in GitHub Desktop.
CVE-2023-50694- http request smuggling in HTTPbeast v.0.4.1 and before
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
> [Suggested description] | |
> An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker | |
> to send a malicious crafted request due to insufficient parsing in the parser.nim | |
> component. | |
> | |
> | |
> [VulnerabilityType Other] | |
> HTTP Request Smuggling | |
> | |
> ------------------------------------------ | |
> | |
> [Vendor of Product] | |
> dom96 (open source maintainer) | |
> | |
> ------------------------------------------ | |
> | |
> [Affected Product Code Base] | |
> httpbeast - all versions <= 0.4.1 are affected | |
> | |
> ------------------------------------------ | |
> | |
> [Affected Component] | |
> /src/httpbeast/parser.nim | |
> | |
> ------------------------------------------ | |
> | |
> [Attack Type] | |
> Remote | |
> | |
> ------------------------------------------ | |
> | |
> [Impact Denial of Service] | |
> true | |
> | |
> ------------------------------------------ | |
> | |
> [Impact Escalation of Privileges] | |
> true | |
> | |
> ------------------------------------------ | |
> | |
> [Impact Information Disclosure] | |
> true | |
> | |
> ------------------------------------------ | |
> | |
> [CVE Impact Other] | |
> This vulnerability can be chained with XSS and cache poisoning | |
> | |
> ------------------------------------------ | |
> | |
> [Attack Vectors] | |
> To exploit this vulnerability, and attacker could craft malicious requests to trick the system, posing security risks like unauthorized access, information disclosure, and bypassing security controls. | |
> | |
> ------------------------------------------ | |
> | |
> [Reference] | |
> https://github.com/dom96/httpbeast/pull/96 | |
> https://github.com/dom96/httpbeast/issues/95 | |
> | |
> ------------------------------------------ | |
> | |
> [Discoverer] | |
> Anas Cherni (n0s) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment