HTTP Request Smuggling in Microsoft IIS Server
Published Nov 28 2023 10:11 AM 3,235 Views
Microsoft

Symptoms - 

Security scans show Request Smuggling vulnerability on IIS server.

The vulnerability allows a remote attacker to perform HTTP request smuggling attack.

 

The vulnerability exists due to the way that HTTP proxies (front-end) and web servers (back-end) that do not strictly adhere to RFC standards handle sequences of HTTP requests received from multiple sources. A remote attacker can send a specially crafted request to a targeted IIS Server, perform HTTP request smuggling attack and modify responses or retrieve information from another user's HTTP session.

 

Resolution:

 

Enable the request smuggling filter on your web server by using the Registry Editor

  1. Click Start, click Run, type Regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
  3. Set DWORD type value DisableRequestSmuggling to one of the following:
    • Set to 0 to disable the filter
    • Set to 1 to enable the filter
  4. Exit Registry Editor.
  5. Restart the computer.

 

 

Co-Authors
Version history
Last update:
‎Nov 27 2023 09:07 PM
Updated by: