HTTP Request Smuggling, Browser-Powered Desync Attacks SharePoint 2019
Srinivasulu Batcha [External]
The server appears to be vulnerable to client-side desync attacks. A POST request was sent to the path '/' with a second request sent as the body. The server ignored the Content-Length header and did not close the connection, leading to the smuggled request being interpreted as the next request.
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Sm...
CAPEC-33: HTTP Request Smuggling
We have newly configured SharePoint 2019; the WFEs are placed in the DMZ and the application servers are in the internal domain.
Can you please suggest mitigation plans for this?
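The framing mismatch described in the finding, as an added offline illustration (not part of the original post and not SharePoint or scanner code): the same connection bytes are split once by a parser that honours Content-Length and once by one that ignores it. The host name and inner path are constructed placeholders.

```python
# Added illustration: offline simulation only, no network I/O.
CRLF2 = b"\r\n\r\n"

def parse_head(head: bytes):
    """Return (request_line, headers dict keyed by lowercase name)."""
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].decode("ascii"), headers

def frame_requests(stream: bytes, honor_content_length: bool):
    """Split one connection's byte stream into request lines.

    honor_content_length=True  -> compliant framing: the body is consumed.
    honor_content_length=False -> the behaviour in the finding: the body is
    left on the connection and parsed as the next request.
    """
    requests = []
    pos = 0
    while pos < len(stream):
        end = stream.find(CRLF2, pos)
        if end == -1:
            break  # incomplete head; a real server would wait or time out
        request_line, headers = parse_head(stream[pos:end])
        pos = end + len(CRLF2)
        if honor_content_length:
            pos += int(headers.get(b"content-length", b"0"))  # skip the body
        requests.append(request_line)
    return requests

# Constructed sample: placeholder host and path, not taken from the report.
INNER = b"GET /hypothetical-path HTTP/1.1\r\nHost: sharepoint.example\r\n\r\n"
OUTER = (b"POST / HTTP/1.1\r\nHost: sharepoint.example\r\n"
         b"Content-Length: " + str(len(INNER)).encode() + CRLF2 + INNER)

def demo():
    """Return (compliant framing, framing that ignores Content-Length)."""
    return frame_requests(OUTER, True), frame_requests(OUTER, False)

if __name__ == "__main__":
    compliant, desynced = demo()
    print("honours Content-Length:", compliant)
    print("ignores Content-Length:", desynced)
```

A compliant parser sees one request on the connection; the parser that ignores Content-Length sees two, which is the condition the scanner reported.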