Описание
H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. This vulnerability is fixed in 1.15.5.
A flaw was found in h3, a minimal HTTP (Hypertext Transfer Protocol) framework. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request where the Transfer-Encoding header uses a case variation of "chunked". The readRawBody function performs a strict case-sensitive check for this header, which violates the RFC standard requiring case-insensitivity. This improper parsing can lead to HTTP Request Smuggling, potentially allowing attackers to bypass security controls, poison web caches, or conduct other malicious activities.
Отчет
This vulnerability is rated Important for Red Hat products as it affects the h3 HTTP framework, which is used in Fedora 42 and 43. A remote attacker can exploit this flaw by sending a specially crafted HTTP request with a case-variant Transfer-Encoding header, leading to HTTP Request Smuggling. This can enable attackers to bypass security controls and poison web caches.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Дополнительная информация
Статус:
8.9 High
CVSS3
Связанные уязвимости
H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. This vulnerability is fixed in 1.15.5.
8.9 High
CVSS3