
CAPEC-273: HTTP Response Smuggling

Attack Pattern ID: 273
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

An attacker injects content into a server response that intermediaries interpret differently than the target browser does. The attack takes advantage of inconsistent or incorrect interpretations of the HTTP protocol by the various applications that handle the response: for example, using different block-terminating characters (a CR or LF alone), adding duplicate header fields that a browser interprets as belonging to a separate response, or other parsing discrepancies. Consequences of this attack can include response splitting, cross-site scripting, apparent defacement of the targeted site, cache poisoning, or similar effects.

+ Attack Prerequisites
  • The targeted server must allow the attacker to insert content that will appear in the server's response.

+ Typical Severity


+ Resources Required

None: No specialized resources are required to execute this type of attack.

+ Solutions and Mitigations

Design: Employ strict adherence to interpretations of HTTP messages wherever possible.

Implementation: Encode header information provided by user input so that user-supplied content is not interpreted by intermediaries.

+ References
[R.273.1] "HTTP Response Smuggling". Beyond Security. <http://www.securiteam.com/securityreviews/5CP0L0AHPC.html>.
[R.273.2] "WASC Threat Classification 2.0: WASC-27 - HTTP Response Smuggling". The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/HTTP-Response-Smuggling>.
+ Content History
CAPEC Content Team, The MITRE Corporation, 2014-06-23: Internal_CAPEC_Team
CAPEC Content Team, The MITRE Corporation, 2017-08-04: Updated Related_Attack_Patterns, Resources_Required (Internal)

Page Last Updated or Reviewed: August 04, 2017