HATTIFNATTOR
25.03.2008, 13:36
Stefano Di Paola has reported some vulnerabilities in Internet Explorer, which can be exploited by malicious people to conduct HTTP request smuggling/splitting attacks.
The problem is that it is possible to modify certain headers via "setRequestHeader()", which can be exploited to e.g. inject arbitrary HTTP requests by setting the "Transfer-Encoding" header to "chunked" or to overwrite certain headers (e.g. "Content-Length", "Host", and "Referer").
The vulnerabilities are reported in version 7.0.5730.11. Other versions may also be affected.
http://secunia.com/advisories/29453/
The problem is that it is possible to modify certain headers via "setRequestHeader()", which can be exploited to e.g. inject arbitrary HTTP requests by setting the "Transfer-Encoding" header to "chunked" or to overwrite certain headers (e.g. "Content-Length", "Host", and "Referer").
The vulnerabilities are reported in version 7.0.5730.11. Other versions may also be affected.
http://secunia.com/advisories/29453/