Bypassing URL Authentication and Authorization with HTTP Verb Tampering
LinuxSecurity.com: Many URL authentication and authorization mechanisms make security decisions based on the HTTP verb in the request. Many of these mechanisms work in a counter-intuitive way. This fact, in combination with some oddities in the way that both web and application servers handle unexpected HTTP verbs, causes the rules dictated by those mechanisms to be bypassable. This article goes into detail discussing this vulnerability and how the various vendors are affected. What do you think about this attack? Do you think we should be concerned?

Original Source: http://www.linuxsecurity.com/content/view/137953?rdf