dom96 / httpbeast

A highly performant, multi-threaded HTTP 1.1 server written in Nim.
MIT License

http 1.1 request smuggling #95

Closed anas-cherni closed 7 months ago

anas-cherni commented 7 months ago

Vulnerability Details:
1) Products: HttpBeast, Jester
2) Tested Version: latest versions
3) Vulnerability: HTTP 1.1 request smuggling
4) PoC:


import jester

routes:
  get "/":
    resp "Hello world"

runForever()

5) Impact: It is feasible to surreptitiously introduce a malicious request, leading to a disruption in the user experience. This vulnerability may result in various impacts such as Session Hijacking, Privilege Escalation, cache poisoning, and Denial of Service (DoS). Additionally, Self-XSS has the potential to escalate into a more severe Cross-Site Scripting (XSS) attack. In a broader context, this vulnerability can be interconnected with other vulnerabilities, amplifying their overall severity.

dom96 commented 7 months ago

The library right now expects to be put behind a reverse proxy which will protect against these kinds of issues. There is a lot of hardening required against these types of issues before you can run it on the open internet.