Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

Posted by Sandro Gauci on Sep 01

# Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

- Fixed versions: Kamailio v5.4.0
- Enable Security Advisory: <https://github.com/EnableSecurity/advisories/tree/master/ES2020-01-kamailio-remove-hf>
- Tested vulnerable versions: 5.3.5 and earlier
- Timeline:
  - Report date & issue patched by Kamailio: 2020-07-16
  - Kamailio rewrite for header parser (better fix): 2020-07-16 to 2020-07-23
-…
