Описание
Header Forgery in http-signature
Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature.
This problem occurs because vulnerable versions of http-signature sign the contents of headers, but not the header names.
Proof of Concept
Consider this to be the initial, untampered request:
And the request is intercepted and tampered as follows:
In the resulting responses, both requests would pass signature verification without issue.
Recommendation
Update to version 0.10.0 or higher.
Пакеты
http-signature
< 0.10.0
0.10.0
Связанные уязвимости
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.
Http-signature is a "Reference implementation of Joyent's HTTP Signatu ...