SYM_GEN_0051 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
| Property | Value |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Conditions for Nginx H2C smuggling were identified. H2C smuggling abuses the HTTP/1.1 `Upgrade` mechanism to switch a connection to the lesser-known cleartext HTTP/2 protocol (h2c). When a reverse proxy forwards the client's `Upgrade` header and the back-end honours it, the proxy treats the upgraded connection as an opaque tunnel and no longer applies its access controls to it, which can yield a long-lived, unrestricted HTTP channel directly to the back-end server.

To mitigate:

- WebSocket support required: allow only the value `websocket` in HTTP/1.1 `Upgrade` headers (e.g., `Upgrade: websocket`).
- WebSocket support not required: do not forward `Upgrade` headers at all.
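The following Nginx configuration fragments are an added example, not part of the original database entry. They contrast the commonly copied proxy block that forwards whatever `Upgrade` value the client sent with a hardened block that implements the two mitigations above: a `map` that passes the `Upgrade` header through only when its value is `websocket`, and a variant that never forwards it. The upstream name `backend` and the variable names `$upgrade_hdr` and `$connection_hdr` are assumptions for this example.

```nginx
# --- Weak: forwards any client-supplied Upgrade value (including h2c) ---
# This is the pattern that creates the smuggling condition: the back-end may
# honour "Upgrade: h2c" and the proxy then stops inspecting the connection.
location /weak/ {
    proxy_pass         http://backend;          # assumed upstream name
    proxy_http_version 1.1;
    proxy_set_header   Upgrade    $http_upgrade; # echoes client value verbatim
    proxy_set_header   Connection "upgrade";
}

# --- Hardened, WebSocket support required ---
# Only the literal value "websocket" (matched case-insensitively) is forwarded;
# any other Upgrade value, h2c included, maps to an empty string, and Nginx
# omits a proxy header whose value is empty.
map $http_upgrade $upgrade_hdr {
    default           "";
    "~*^websocket$"   websocket;
}

# Connection header follows the same decision so the two stay consistent.
map $http_upgrade $connection_hdr {
    default           close;
    "~*^websocket$"   upgrade;
}

location /ws/ {
    proxy_pass         http://backend;          # assumed upstream name
    proxy_http_version 1.1;
    proxy_set_header   Upgrade    $upgrade_hdr;
    proxy_set_header   Connection $connection_hdr;
}

# --- Hardened, WebSocket support not required ---
# Do not forward Upgrade at all: an explicitly empty value suppresses the header,
# and Connection is pinned to "close" so no upgrade handshake can be completed.
location / {
    proxy_pass         http://backend;          # assumed upstream name
    proxy_http_version 1.1;
    proxy_set_header   Upgrade    "";
    proxy_set_header   Connection "close";
}
```

To confirm the hardened blocks behave as intended, log the request headers on the back-end during a maintenance window and check that a request carrying `Upgrade: h2c` arrives with no `Upgrade` header at all, while a request carrying `Upgrade: websocket` to the `/ws/` location still arrives with `Upgrade: websocket` and `Connection: upgrade`.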