Description
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
A flaw was found in the OpenResty lua-nginx-module. Affected versions of this component allow a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. The attacker can use this attack to bypass any frontend proxy protection, serve malicious responses to all the users in the same connection pool, and capture the responses of other users.
Statement
This vulnerability is rated Important rather than Moderate because it enables a class of HTTP request smuggling attacks that bypass the normal security boundaries between front-end and back-end components. A HEAD request should normally have its body discarded so that no desynchronization can occur, but the lua-nginx-module flaw causes the request body to be treated as a new, legitimate HTTP request. This breaks the request-response mapping (queueing) of HTTP/1.1 persistent connections. In modern architectures where API gateways (such as Kong) sit behind a front-end CDN or reverse proxy (such as Nginx or Cloudflare), the consequences are severe: response queue desynchronization, serving malicious or sensitive responses to other users, bypassing authentication/authorization rules, and ultimately allowing an attacker to hijack cross-user sessions and sensitive data.
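The desynchronization described above begins with a HEAD request that carries a message body. As an added example, not code from the advisory or from lua-nginx-module, the Python below frames a pipelined HTTP/1.1 stream per RFC 9112 (Content-Length and chunked) and reports HEAD requests that declare or carry a body, a rule a front-end proxy or log pipeline can enforce; the sample traffic and hostname are constructed.

```python
# Added example (not advisory or lua-nginx-module code); sample traffic is constructed.
SAMPLE_STREAM = (
    b"HEAD /status HTTP/1.1\r\nHost: api.example.test\r\nContent-Length: 12\r\n\r\n"
    b"twelve bytes"
    b"GET /health HTTP/1.1\r\nHost: api.example.test\r\n\r\n"
)

def body_length(headers):
    """Declared body length per RFC 9112 section 6; None means chunked."""
    if any("chunked" in v.lower() for v in headers.get("transfer-encoding", [])):
        return None
    vals = {v.strip() for v in headers.get("content-length", [])}
    if not vals:
        return 0
    if len(vals) != 1 or not next(iter(vals)).isdigit():
        raise ValueError("conflicting or malformed Content-Length")
    return int(vals.pop())

def parse_requests(stream):
    """Split a pipelined HTTP/1.1 byte stream into request dicts."""
    out, pos = [], 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            raise ValueError("incomplete request head")
        lines = stream[pos:end].decode("ascii", "replace").split("\r\n")
        method, target, _ = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers.setdefault(name.strip().lower(), []).append(value.strip())
        pos, body, size = end + 4, b"", body_length(headers)
        if size is None:  # chunked: read chunks until the zero-size chunk
            while True:
                eol = stream.index(b"\r\n", pos)
                size, pos = int(stream[pos:eol].split(b";")[0], 16), eol + 2
                if size == 0:  # skip optional trailers up to the blank line
                    pos = stream.index(b"\r\n\r\n", pos - 2) + 4
                    break
                body, pos = body + stream[pos:pos + size], pos + size + 2
        else:
            body, pos = stream[pos:pos + size], pos + size
        framed = "content-length" in headers or "transfer-encoding" in headers
        out.append({"method": method, "target": target, "body": body, "framed": framed})
    return out

def head_requests_with_body(stream):
    """Targets of HEAD requests that declare or carry a body; a front end
    should reject or alert on these, since HEAD needs no body framing."""
    return [r["target"] for r in parse_requests(stream)
            if r["method"] == "HEAD" and (r["framed"] or r["body"])]
```

Conflicting Content-Length values raise rather than being silently resolved, since picking one of them is itself a classic desync source.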
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-apicast-gateway-container | Affected | | |
Additional information
Status:
EPSS
7.7 High
CVSS3
Related vulnerabilities
A vulnerability in the lua-nginx-module of the NGINX web server, caused by inconsistent interpretation of HTTP requests, that allows an attacker to send a hidden HTTP request (HTTP Request Smuggling attack)