Tag

Smuggling Vulnerability

Browsing

On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation based on HTTP/2 request processing issues. He submitted the bug to the Cloudflare security team through their bug bounty program. This security issue took Cloudflare a week to fix and was completed on July the 24th. Emil was awarded with a $1’000 bounty, and on August 15th, the company accepted this bug for public disclosure. Here we go. The nature and…

In the previous article, we described the vulnerability discovered in the Yii2 Framework 2.0.35. In this piece, you’ll find out how to prevent it. It’s a highly recommended read, especially for web developers who want to quickly check the rule settings and fix a detected vulnerability. Yii is an object-oriented component framework that implements the MVC design pattern (learn more on Wiki). We used Yii2 Framework 2.0.35 as a demo configuration.How a seemingly safe Active…