Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alert on whitespace before colon in headers #2

Open
mnot opened this issue Apr 16, 2009 · 4 comments
Open

Alert on whitespace before colon in headers #2

mnot opened this issue Apr 16, 2009 · 4 comments
Labels
message
Milestone
Better Thor Integ...

Comments

@mnot
Copy link
Owner

mnot commented Apr 16, 2009

This is a well-known security issue; RED should notice this condition.
@Boldyn
Copy link

Boldyn commented Sep 5, 2010

Well-known? Can you explain it please? I have no idea how this can be a dangerous for a server.

@mnot
Copy link
Owner Author

mnot commented Sep 7, 2010

Because some implementations will treat a header named "Foo" differently than one named "Foo ", and this can enable attacks like HTTP response smuggling.

See http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-11#section-3.2

@mnot
Copy link
Owner Author

mnot commented Sep 10, 2011

Use thor.error.HeaderSpaceError

mnot added a commit that referenced this issue Mar 22, 2017
@mnot
Check for whitespace before colon in headers.
2d0f6e4 
For #2
@mnot
Copy link
Owner Author

mnot commented Mar 22, 2017

The header isn't highlighted, probably because of the whitespace.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
message
Projects
None yet
Milestone
Better Thor Integration
Development

No branches or pull requests
2 participants
@mnot @Boldyn