c2c-oerpscenario team mailing list archive

[Bug 618674] Re: [5.0] HTTP Request Smuggling possible in 5.0

To be more precise: the warning you saw was just a security measure of
the browser because the former Ajax library tried to set a header that
cannot be manually set. This was useless and not harmful in any way, and
is now removed.

The attack you refer to is simply the reason why modern browsers refuse
to let the Ajax callers set these headers, and this is about a
vulnerability of Proxies and Web Gateway, and is not a concern for
OpenERP.

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Changed in: openobject-client-web
   Importance: Critical => Low

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/618674

Title:
  [5.0] HTTP Request Smuggling possible in 5.0

Status in OpenObject Web Client:
  Fix Released

Bug description:
  Hi,

I found an issue when I configured the web client behind a reverse proxy.

I use Chromium (Chrome web browser) and I activated the JavaScript console. After login, I see the menu, and in my console I see:
- Refused to set unsafe header "Connection"
- Refused to set unsafe header "Content-length"

After some searching on the web, I found this article http://www.owasp.org/index.php/HTTP_Request_Smuggling which explains how to exploit this issue by embedding a second HTTP request in the first one.

Regards,
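An added example, not code from this thread or from OpenERP, showing the two rules the reply contrasts: the browser-side forbidden-header rule behind the "Refused to set unsafe header" console messages (the WHATWG Fetch "forbidden request-header" names), and the proxy/gateway-side framing check whose absence is what makes request smuggling possible. Assumes Node.js; the sample request is constructed.

```javascript
// Added example (not from the bug thread or OpenERP).
// 1) isForbiddenRequestHeader: the browser rule that produced the console
//    messages in the report. Per the WHATWG Fetch standard, scripts may not
//    set these names (plus any Proxy-* or Sec-* header) via XHR/fetch.
// 2) framingProblems: the check a proxy or gateway must apply. A request
//    whose body length is ambiguous (RFC 7230 section 3.3.3) is the raw
//    material of request smuggling and should be rejected, not forwarded.

const FORBIDDEN_HEADERS = new Set([
  'accept-charset', 'accept-encoding', 'access-control-request-headers',
  'access-control-request-method', 'connection', 'content-length', 'cookie',
  'cookie2', 'date', 'dnt', 'expect', 'host', 'keep-alive', 'origin',
  'referer', 'set-cookie', 'te', 'trailer', 'transfer-encoding', 'upgrade', 'via',
]);

function isForbiddenRequestHeader(name) {
  const n = name.toLowerCase();
  return FORBIDDEN_HEADERS.has(n) || n.startsWith('proxy-') || n.startsWith('sec-');
}

// Parse the header block of a raw HTTP/1.1 request and return every framing
// ambiguity a gateway should refuse. An empty array means the framing is clean.
function framingProblems(rawRequest) {
  const headerBlock = rawRequest.split('\r\n\r\n')[0];
  const lines = headerBlock.split('\r\n').slice(1); // drop the request line
  const contentLengths = [];
  let hasTransferEncoding = false;
  for (const line of lines) {
    const idx = line.indexOf(':');
    if (idx < 0) continue; // not a header field; ignore here
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    if (name === 'content-length') contentLengths.push(value);
    if (name === 'transfer-encoding') hasTransferEncoding = true;
  }
  const problems = [];
  if (hasTransferEncoding && contentLengths.length) {
    problems.push('both Transfer-Encoding and Content-Length');
  }
  if (new Set(contentLengths).size > 1) problems.push('conflicting Content-Length values');
  if (contentLengths.some((v) => !/^\d+$/.test(v))) problems.push('non-numeric Content-Length');
  return problems;
}

// Constructed sample: a request carrying both framing headers, which two hops
// may interpret differently. framingProblems(SAMPLE) flags it.
const SAMPLE = 'POST / HTTP/1.1\r\nHost: example.invalid\r\n' +
  'Content-Length: 3\r\nTransfer-Encoding: chunked\r\n\r\nabc';
```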