PSC: Is Carbon Black's Cloud vulnerable to recent HTTP desync attacks?

Environment

  • Predictive Security Cloud (PSC): All Versions
    • CB Defense
    • CB LiveOps
    • CB ThreatHunter
    • CB ThreatSight

Question

Is the PSC vulnerable to the HTTP desync/request smuggling attacks described in the resources below?

https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
https://nvd.nist.gov/vuln/detail/CVE-2014-0099

Answer

No. The vulnerability in the NVD reference, CVE-2014-0099, is specific to unpatched versions of Apache Tomcat:

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4,
when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Request smuggling of this kind works only when the reverse proxy and the back-end server disagree about where a request body ends. In CVE-2014-0099 the disagreement comes from Tomcat's Content-Length parser, which could overflow on an oversized value and so delimit the body differently from the proxy in front of it. The PortSwigger write-up covers the wider class of desync attacks, in which the two parsers disagree on whether Content-Length or Transfer-Encoding delimits the body.

The PSC does not run these unpatched versions of Apache Tomcat, and we regularly scan our infrastructure for vulnerabilities and apply the required patches.
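The following Python is an added illustration of the mechanism behind the CVE; it is not Carbon Black's or Tomcat's code. The wrapping parser is a hypothetical stand-in for a Content-Length parser with no overflow check, the "front end" parser that takes the header at face value and forwards everything it has is an assumed proxy behaviour, and the attacker traffic is constructed for the example. The point is that a Content-Length of 2**64 + 5 is read as 5 by the wrapping parser, so the bytes after the first five are parsed as a second, smuggled request that the proxy never saw as a request of its own.

```python
# Added illustration, not Carbon Black's or Tomcat's code: why an overflowing
# Content-Length parser lets a reverse proxy and its back end disagree on
# where one request ends and the next begins.

MASK64 = (1 << 64) - 1          # width of a Java long
LONG_MAX = (1 << 63) - 1


def parse_cl_wrapping(value):
    """Hypothetical vulnerable parser: accumulates digits in 64 bits with
    no overflow check, so a value >= 2**64 silently wraps."""
    n = 0
    for ch in value.strip():
        if not ch.isdigit():
            raise ValueError("non-digit in Content-Length")
        n = (n * 10 + ord(ch) - 48) & MASK64
    return n - (1 << 64) if n > LONG_MAX else n   # two's-complement view


def parse_cl_unbounded(value):
    """Assumed front-end parser: arbitrary precision, so the header value
    is taken at face value."""
    value = value.strip()
    if not value.isdigit():
        raise ValueError("malformed Content-Length")
    return int(value)


def parse_cl_strict(value):
    """Hardened parser: rejects anything that does not fit in a signed long."""
    n = parse_cl_unbounded(value)
    if n > LONG_MAX:
        raise ValueError("Content-Length out of range")
    return n


def split_requests(stream, parse_cl):
    """Cut a byte stream into (request line, body) pairs, delimiting each
    body with whatever parse_cl makes of its Content-Length header. A body
    longer than the remaining stream is clamped (the assumed proxy forwards
    what it has rather than waiting for more)."""
    requests = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            raise ValueError("incomplete headers")
        request_line, *header_lines = stream[pos:end].decode("ascii").split("\r\n")
        headers = {}
        for line in header_lines:
            name, _, val = line.partition(":")
            headers[name.strip().lower()] = val.strip()
        length = parse_cl(headers.get("content-length", "0"))
        if length < 0:
            raise ValueError("negative Content-Length")
        body_start = end + 4
        body = stream[body_start:body_start + length]   # slicing clamps at end of stream
        requests.append((request_line, body))
        pos = body_start + len(body)
    return requests


def is_accepted(parse_cl, value):
    """True if the parser accepts the header value without raising."""
    try:
        parse_cl(value)
        return True
    except ValueError:
        return False


# Constructed attacker traffic: Content-Length is 2**64 + 5, so a wrapping
# parser reads it as 5 and treats everything after "q=abc" as a new request.
CRAFTED_CL = "18446744073709551621"
CRAFTED = (
    b"POST /search HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: " + CRAFTED_CL.encode() + b"\r\n"
    b"\r\n"
    b"q=abc"
    b"GET /admin HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"X-Smuggled: yes\r\n"
    b"\r\n"
)


if __name__ == "__main__":
    front = split_requests(CRAFTED, parse_cl_unbounded)   # proxy: one request
    back = split_requests(CRAFTED, parse_cl_wrapping)     # back end: two requests
    print("front end sees", len(front), "request(s); back end sees", len(back))
    print("smuggled request line:", back[1][0])
    print("strict parser accepts crafted header:", is_accepted(parse_cl_strict, CRAFTED_CL))
```

The hardened parser does not need to agree with the proxy on a value it cannot represent; it only needs to refuse it, which is what the patched Tomcat versions do. A value of exactly 2**63 wraps to a negative length under the vulnerable parser, which is why the splitter also rejects negative lengths rather than treating them as zero.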

Article Information
Creation Date: 09-10-2019