# Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher ## Impact on Business By injecting an HTTP request as a prefix into a victim's request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as a prefix. It is also possible to inject a valid prefixed request that will include the victim's information from its original request. This can be leveraged to perform malicious requests with the victim's credentials or information, or even steal user data. HTTP smuggling can also be combined with other vulnerabilities such as a XSS or reflected content (not vulnerability by itself), by injecting a request to the vulnerable application/web page as a prefix. If the attacker is able to set the prefix of the victim request and also knows a reflected XSS (it can also work with other content reflection), then the response will include a malicious script that will be executed on the victim's browser. This vulnerability is also useful to perform Web Cache Poisoning. The HTTP caches in the different layers will see valid requests for which the response should be stored (considered static), but the actual request is modified by the prefix of the attacker to retrieve another resource, which should not be stored in the cache. As an example, if a user requests an image, the server will probably cache the response as the resource is static. However, if this request is prefixed by another request which returns sensible data, such as personal information, then this response will be stored in the cache. Therefore, when the attacker requests the same image, all the victim's personal information will be retrieved. Finally, a critical information disclosure could end up in session hijacking and further attacks. This ..
Support the originator by clicking the read the rest link below.
