Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

request.Header[connectionHeaderName] is incorrect due to casing of connectionHeaderName. #191

Closed
prometherion opened this issue Feb 22, 2022 · 1 comment · Fixed by #192
Closed

request.Header[connectionHeaderName] is incorrect due to casing of connectionHeaderName. #191

prometherion opened this issue Feb 22, 2022 · 1 comment · Fixed by #192
Assignees
@prometherion
Milestone
v0.3.0

Comments

@prometherion
Copy link
Member

request.Header[connectionHeaderName] is incorrect due to casing of connectionHeaderName.

Originally posted by @enj in #189 (comment)
@prometherion prometherion self-assigned this Feb 22, 2022
@prometherion prometherion added this to the v0.3.0 milestone Feb 22, 2022
@prometherion prometherion linked a pull request Feb 22, 2022 that will close this issue
fix: retrieving connection values using case insensitive function #192
Merged
@prometherion
Copy link
Member Author

I tested the actual code in order to obtain privilege escalation using the malicious header Connection, both in capitalized version, and lowercase, but I wasn't able to exploit it.

The issue the actual implementation is suffering is the inability of doing a proper HTTP upgrade, this means it's a functional bug and not a further CVE, nor an opening of the previous one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@prometherion prometherion

Labels
None yet
Projects
None yet
Milestone
v0.3.0
Development

Successfully merging a pull request may close this issue.

fix: retrieving connection values using case insensitive function projectcapsule/capsule-proxy
1 participant
@prometherion