Request smuggling is possible when both chunked TE and content length specified

Low severity GitHub Reviewed Published Jan 27, 2020 in ktorio/ktor • Updated Jan 9, 2023

Package

io.ktor:ktor-client-cio (Maven)
Affected versions: < 1.3.0
Patched versions: 1.3.0

io.ktor:ktor-server-cio (Maven)
Affected versions: < 1.3.0
Patched versions: 1.3.0

Description

Impact

Request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly, or that doesn't handle a lone \n as a header separator.
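A check a front end or log pipeline could apply to the two conditions named above, as an added example that is not code from ktor or from the advisory. The function name, the issue labels and the sample requests (with the placeholder host `app.example`) are assumptions made for illustration.

```python
# Added example (not ktor code): flag the two framing ambiguities the advisory names.
# The sample requests are constructed; "app.example" is a placeholder host.

def framing_issues(raw: bytes) -> list[str]:
    """Inspect the header block of one raw HTTP/1.x request and return its issues."""
    issues = set()
    has_length = has_transfer_encoding = False
    lines = raw.split(b"\n")
    for index, line in enumerate(lines[:-1]):  # last piece is body or unterminated
        if line == b"\r":
            break                      # a proper CRLF blank line ends the headers
        if not line.endswith(b"\r"):
            issues.add("bare-lf")      # line terminated by LF without a preceding CR
        if line == b"":
            break                      # a lenient parser ends the headers here
        if index == 0:
            continue                   # the request line carries no header field
        name, _, _value = line.rstrip(b"\r").partition(b":")
        field = name.strip().lower()   # match as tolerantly as a lenient parser would
        if field == b"content-length":
            has_length = True
        elif field == b"transfer-encoding":
            has_transfer_encoding = True
    if has_length and has_transfer_encoding:
        issues.add("cl-and-te")        # RFC 7230 section 3.3.3: handle as an error
    return sorted(issues)

# Constructed samples: one well-formed request and one per ambiguity.
CLEAN = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello"
BOTH = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
        b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
BARE_LF = b"GET / HTTP/1.1\r\nHost: app.example\nX-Trace: 1\r\n\r\n"

if __name__ == "__main__":
    for label, request in (("clean", CLEAN), ("both", BOTH), ("bare-lf", BARE_LF)):
        print(label, framing_issues(request) or "ok")
```

A request that returns a non-empty list is one that two HTTP parsers in the same chain may frame differently, so rejecting it at the edge removes the disagreement instead of relying on every hop to resolve it the same way.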

Patches

ktorio/ktor#1547

Workarounds

None except migrating to a better proxy.

References

https://portswigger.net/web-security/request-smuggling
https://tools.ietf.org/html/rfc7230#section-9.5

@cy6erGn0m cy6erGn0m published to ktorio/ktor Jan 27, 2020
Reviewed Jan 27, 2020
Published to the GitHub Advisory Database Jan 27, 2020
Last updated Jan 9, 2023

Severity

Low

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(0th percentile)

Weaknesses

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

CVE ID

CVE-2020-5207

GHSA ID

GHSA-xrr9-rh8p-433v

Source code

No known source code