HTTP response split attacks, HttpWebRequest and the NET Framework 1.1 SP1

Miglioramenti alla sicurezza di .NET

Di .NET e di altre amenit — Sun, 05 Sep 2004 23:12:00 GMT

Miglioramenti alla sicurezza di .NET

Di .NET e di altre amenit — Sun, 05 Sep 2004 23:12:00 GMT

Fw 1.1 Sp1: pi

Alessandro Scardova — Mon, 06 Sep 2004 16:34:00 GMT

re: HTTP response split attacks, HttpWebRequest and the NET Framework 1.1 SP1

Aleks — Tue, 21 Sep 2004 07:36:00 GMT

hi,

i think that my web site have this security problem on two pages (rss and a page that display a picture http://www.Dotnet-Project.com/showimage.aspx).

One use ContentType="text/xml" and the other ContentType="image/gif"

I will try to night to change the web.config but how can i fix it in other way (the secure way ?)

Thank you

re: HTTP response split attacks, HttpWebRequest and the NET Framework 1.1 SP1

Gilles — Tue, 21 Sep 2004 17:05:00 GMT

Aleks: By reading your post, it is not immediately obvious that your site has this problem. There does not seem to be any spaces in ContentType which would indicate that this header is not the issue, if there is any issue. Are you 100% sure that there is an issue with the headers?

Headers can come from two location: first the web application running (i.e. showimage.aspx) and the HTTP request processor (IIS and/or ASP.NET).

IIS does not return "wrong" headers by default. ASP.NET, to the best of my knowledge does not either but does not prevent a web application to return malformed header names. If you suspect such a problem, I would start by looking at the application. Be sure to look at all HTTP handlers that might be modifying the stream after the page has been rendered.

To fix it, you would find the offending code (the one that returns the wring header), change it to be a "good" header and rebuild the code.

re: HTTP response split attacks, HttpWebRequest and the NET Framework 1.1 SP1

Aleks — Tue, 21 Sep 2004 20:38:00 GMT

Thx Gilles for your response.
I tried to change my web.config and you're right this is not my problem.

I've just make a small winapp to see informations such as headers that my page return and i was very surprised :

When i look to the headers return by my local testing server it is all right BUT when i try to the main server (http://www.dotnet-project.com/showimage.aspx) the ContentType header is missing.
The two servers run the same code and have the same webpages.

Is it a security fix ?
Have an idea ?

Thx for your help

RANT: Why does Microsoft keep adding breaking changes to the framework!

Scott Galloway's Personal Blog — Wed, 29 Sep 2004 18:59:00 GMT

BizTalk Not able to send 50kb over http send port

Ramkumar — Thu, 30 Sep 2004 17:26:00 GMT

Hi Gilles
We are having issue with biztalk not able to send over 50 kb of xml over http protocol thru biztalk.I couldnt find any article abt this issue.I would really appreciate if u can throw light on this subject
Thanks
Ramkumar

re: HTTP response split attacks, HttpWebRequest and the NET Framework 1.1 SP1

Gilles — Thu, 30 Sep 2004 18:32:00 GMT

Ramkumar: Biztalk 2004 uses POST to send data so it should be able to send more than 50Kb. This is most likely a configuration issue on the Web Application and/or BizTalk. You do not explain what happens exactly when you try to send more than 5oKb: any error, special behavior ... so it is impossible for me to figure out what is wrong in your specific case without looking at your system(s).

Take a look at the web server logs and see if there is anything wrong there. Look for connections close, unusal status ... Take a look at the BizTalk machine's event log and see if there is anything wrong there as well.

A few things to check:

1) any proxy server in between that would limit the amount of a POST request?
2) you are sending the data in the body, right?
3) use a network monitoring tool like netmon or tcpdump (or ethereal) to capture the whole faulty HTTP session. You will be able to figure out who (if any) closes the connection first, what is the status of the close, how much data went in... It is important to figure out if BizTalk closes the connection first of if the web application is closing first even though BizTalk has more data to send,
4) are you sure you are not timing out while transmitting?
5) write a small web application that just saves the content to a file and point BizTalk to it so you can control the server yourself.
6) are you sure you are actually sending the right data? Maybe your send pipeline (if any) does not produce the data you expect (i.e. it produces less data than expected for instance). The HTTP send adapter will send only what it receives.

There are of course so much more things you would normally check but this is going to get you started.

re: HTTP response split attacks, HttpWebRequest and the NET Framework 1.1 SP1

Ramkumar — Thu, 30 Sep 2004 22:06:00 GMT

Gilles
Thank you so much for the information.We have tried all the methods what you have mentioned steps.It seems BizTalk sends chunk of data over 48 kb and they have hotfix from microsoft to install the fix
http://support.microsoft.com/default.aspx?scid=kb;%5bLN%5d;839663#appliesto

Though after installing the hot fix we are in the same state getting bad response from the http server 400.If you can throw more light on this area we would really appreciate your help
Thanks
Ramkumar

re: HTTP response split attacks, HttpWebRequest and the NET Framework 1.1 SP1

Ramkumar — Sun, 03 Oct 2004 16:55:00 GMT

Gilles
W finally figured it out after making the changes in registry key mentioned in KB 839633

Thanks
Ramkumar

re: HTTP response split attacks, HttpWebRequest and the NET Framework 1.1 SP1

Gilles — Sun, 03 Oct 2004 19:55:00 GMT

Ramkumar: I m glad you got it to work. So this was the chunk encoding that ws causing issues.

Sharpreader, WordPress, and .NET Framework 1.1 SP1

Kevin's Stuff — Sun, 10 Oct 2004 08:05:00 GMT

Apparently there's a minor disconnect between these three items and RSS2 feeds. You'll notice that the last time I recieved a feed from nf0's Life was on the 23rd of September. The last update from scriptygoddess was on the 24th....

The server committed an HTTP protocol violation

Communication WEB — Fri, 15 Oct 2004 22:42:00 GMT

The server committed an HTTP protocol violation

journeying geek » Your WordPress feeds are broken!

TrackBack — Sun, 17 Oct 2004 05:40:00 GMT

journeying geek » Your WordPress feeds are broken!

re: Solving the BizTalk 2004, Web Services, and the

Dot Net Dunk — Fri, 05 Nov 2004 17:12:00 GMT

dot net 1 1 install problems

dot net 1 1 install problems — Mon, 07 Jul 2008 15:15:49 GMT

PingBack from http://melany.infovideoclub.info/dotnet11installproblems.html